Skip to content

Probely/vulnerabilities-knowledge-base

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
angularjs-library-with-known-vulnerabilities.md
angularjs-library-with-known-vulnerabilities.md
 
 
application-error-message.md
application-error-message.md
 
 
aspnet-debugging-enabled.md
aspnet-debugging-enabled.md
 
 
aspnet-tracing-enabled.md
aspnet-tracing-enabled.md
 
 
aspnet-viewstate-without-mac.md
aspnet-viewstate-without-mac.md
 
 
axios-library-with-known-vulnerabilities.md
axios-library-with-known-vulnerabilities.md
 
 
backbone-library-with-known-vulnerabilities.md
backbone-library-with-known-vulnerabilities.md
 
 
bootstrap-library-with-known-vulnerabilities.md
bootstrap-library-with-known-vulnerabilities.md
 
 
browser-content-sniffing-allowed.md
browser-content-sniffing-allowed.md
 
 
certificate-with-insufficient-key-size-or-usage-or-insecure-signature-algorithm.md
certificate-with-insufficient-key-size-or-usage-or-insecure-signature-algorithm.md
 
 
certificate-without-revocation-information.md
certificate-without-revocation-information.md
 
 
chartjs-library-with-known-vulnerabilities.md
chartjs-library-with-known-vulnerabilities.md
 
 
ckeditor-library-with-known-vulnerabilities.md
ckeditor-library-with-known-vulnerabilities.md
 
 
cookie-with-samesite-attribute-set-to-none.md
cookie-with-samesite-attribute-set-to-none.md
 
 
cookie-without-httponly-flag.md
cookie-without-httponly-flag.md
 
 
crlf-injection.md
crlf-injection.md
 
 
cross-origin-resource-sharing-arbitrary-origin-trusted.md
cross-origin-resource-sharing-arbitrary-origin-trusted.md
 
 
deprecated-tls-protocol-version-10-supported.md
deprecated-tls-protocol-version-10-supported.md
 
 
deprecated-tls-protocol-version-11-supported.md
deprecated-tls-protocol-version-11-supported.md
 
 
directory-listing.md
directory-listing.md
 
 
dojo-library-with-known-vulnerabilities.md
dojo-library-with-known-vulnerabilities.md
 
 
dompurify-library-with-known-vulnerabilities.md
dompurify-library-with-known-vulnerabilities.md
 
 
drupal-version-with-known-vulnerabilities.md
drupal-version-with-known-vulnerabilities.md
 
 
dwr-library-with-known-vulnerabilities.md
dwr-library-with-known-vulnerabilities.md
 
 
easyxdm-library-with-known-vulnerabilities.md
easyxdm-library-with-known-vulnerabilities.md
 
 
ember-library-with-known-vulnerabilities.md
ember-library-with-known-vulnerabilities.md
 
 
expired-tls-certificate.md
expired-tls-certificate.md
 
 
flowplayer-library-with-known-vulnerabilities.md
flowplayer-library-with-known-vulnerabilities.md
 
 
froala-library-with-known-vulnerabilities.md
froala-library-with-known-vulnerabilities.md
 
 
full-path-disclosure.md
full-path-disclosure.md
 
 
graphql-introspection-enabled.md
graphql-introspection-enabled.md
 
 
graphql-misconfiguration.md
graphql-misconfiguration.md
 
 
handlebars-library-with-known-vulnerabilities.md
handlebars-library-with-known-vulnerabilities.md
 
 
heartbleed.md
heartbleed.md
 
 
hidden-file-found.md
hidden-file-found.md
 
 
highcharts-library-with-known-vulnerabilities.md
highcharts-library-with-known-vulnerabilities.md
 
 
hsts-header-does-not-protect-subdomains.md
hsts-header-does-not-protect-subdomains.md
 
 
hsts-header-not-enforced.md
hsts-header-not-enforced.md
 
 
hsts-header-set-in-http.md
hsts-header-set-in-http.md
 
 
hsts-header-with-low-duration-and-no-subdomain-protection.md
hsts-header-with-low-duration-and-no-subdomain-protection.md
 
 
hsts-header-with-low-duration.md
hsts-header-with-low-duration.md
 
 
http-trace-method-enabled.md
http-trace-method-enabled.md
 
 
inclusion-of-cryptocurrency-mining-script.md
inclusion-of-cryptocurrency-mining-script.md
 
 
insecure-browser-xss-protection-enabled.md
insecure-browser-xss-protection-enabled.md
 
 
insecure-content-security-policy.md
insecure-content-security-policy.md
 
 
insecure-crossdomainxml-policy.md
insecure-crossdomainxml-policy.md
 
 
insecure-php-object-deserialization.md
insecure-php-object-deserialization.md
 
 
insecure-referrer-policy.md
insecure-referrer-policy.md
 
 
insecure-silverlight-clientaccesspolicyxml-policy.md
insecure-silverlight-clientaccesspolicyxml-policy.md
 
 
insecure-ssl-protocol-version-2-supported.md
insecure-ssl-protocol-version-2-supported.md
 
 
insecure-ssl-protocol-version-3-supported.md
insecure-ssl-protocol-version-3-supported.md
 
 
invalid-referrer-policy.md
invalid-referrer-policy.md
 
 
joomla-version-with-known-vulnerabilities.md
joomla-version-with-known-vulnerabilities.md
 
 
jplayer-library-with-known-vulnerabilities.md
jplayer-library-with-known-vulnerabilities.md
 
 
jquery-library-with-known-vulnerabilities.md
jquery-library-with-known-vulnerabilities.md
 
 
jquery-migrate-library-with-known-vulnerabilities.md
jquery-migrate-library-with-known-vulnerabilities.md
 
 
jquery-mobile-library-with-known-vulnerabilities.md
jquery-mobile-library-with-known-vulnerabilities.md
 
 
jquery-ui-library-with-known-vulnerabilities.md
jquery-ui-library-with-known-vulnerabilities.md
 
 
jszip-library-with-known-vulnerabilities.md
jszip-library-with-known-vulnerabilities.md
 
 
jwt-accepting-none-algorithm.md
jwt-accepting-none-algorithm.md
 
 
jwt-algorithm-confusion.md
jwt-algorithm-confusion.md
 
 
jwt-signature-is-not-being-verified.md
jwt-signature-is-not-being-verified.md
 
 
knockout-library-with-known-vulnerabilities.md
knockout-library-with-known-vulnerabilities.md
 
 
log-file-disclosure.md
log-file-disclosure.md
 
 
log4shell.md
log4shell.md
 
 
missing-clickjacking-protection.md
missing-clickjacking-protection.md
 
 
missing-content-security-policy-header.md
missing-content-security-policy-header.md
 
 
missing-cross-site-request-forgery-protection.md
missing-cross-site-request-forgery-protection.md
 
 
mixed-content.md
mixed-content.md
 
 
momentjs-library-with-known-vulnerabilities.md
momentjs-library-with-known-vulnerabilities.md
 
 
mongodb-injection.md
mongodb-injection.md
 
 
mustache-library-with-known-vulnerabilities.md
mustache-library-with-known-vulnerabilities.md
 
 
nextjs-library-with-known-vulnerabilities.md
nextjs-library-with-known-vulnerabilities.md
 
 
open-redirection.md
open-redirection.md
 
 
os-command-injection.md
os-command-injection.md
 
 
path-traversal.md
path-traversal.md
 
 
php-code-injection.md
php-code-injection.md
 
 
plupload-library-with-known-vulnerabilities.md
plupload-library-with-known-vulnerabilities.md
 
 
potential-dos-on-tls-client-renegotiation.md
potential-dos-on-tls-client-renegotiation.md
 
 
prettyphoto-library-with-known-vulnerabilities.md
prettyphoto-library-with-known-vulnerabilities.md
 
 
private-ip-addresses-disclosed.md
private-ip-addresses-disclosed.md
 
 
prototype-library-with-known-vulnerabilities.md
prototype-library-with-known-vulnerabilities.md
 
 
python-code-injection.md
python-code-injection.md
 
 
react-library-with-known-vulnerabilities.md
react-library-with-known-vulnerabilities.md
 
 
referrer-policy-not-defined.md
referrer-policy-not-defined.md
 
 
reflected-cross-site-scripting.md
reflected-cross-site-scripting.md
 
 
remote-file-inclusion.md
remote-file-inclusion.md
 
 
ruby-code-injection.md
ruby-code-injection.md
 
 
secure-renegotiation-is-not-supported.md
secure-renegotiation-is-not-supported.md
 
 
secure-tls-protocol-version-12-not-supported.md
secure-tls-protocol-version-12-not-supported.md
 
 
server-cipher-order-not-configured.md
server-cipher-order-not-configured.md
 
 
server-side-javascript-injection.md
server-side-javascript-injection.md
 
 
server-side-request-forgery.md
server-side-request-forgery.md
 
 
server-side-template-injection.md
server-side-template-injection.md
 
 
session-token-in-url.md
session-token-in-url.md
 
 
sessvars-library-with-known-vulnerabilities.md
sessvars-library-with-known-vulnerabilities.md
 
 
spring-cloud-spel-code-injection-cve-2022-22963.md
spring-cloud-spel-code-injection-cve-2022-22963.md
 
 
spring4shell.md
spring4shell.md
 
 

Repository files navigation

Vulnerability Knowledge Base

This knowledge base is being used at https://probely.com/vulnerabilities/ and by Probely App.

You're free to use the information from this knowledge base. For more details check the LICENSE file.

The main difference between this and other vulnerability knowledge bases is that this one includes specific instructions on how to fix the vulnerabilities based on the tech stack used (Python, Java, PHP, nginx, Apache, etc.). This is a working in progress and we appreciate contributions.

You can also contribute back to this knowledge base, following the instructions below.

Contributing to this knowledge base

  1. Clone this repo
  2. Edit a vulnerability markdown file
  3. Edit the text keeping in mind the file schema (see below)
  4. Create a PR

Vulnerability file schema

The header of the file is in YAML and the body in Markdown.

Header format

name: <vuln name>
severity: <low|medium|high>
cvss-score: <n.n>
cvss-vector: <cvss v3 vector string>
cwe-id: <CWE-nnn>
cwe-name: <CWE name>
compliance:
  owasp10: <A1, A3, ...>
  pci: <6.5.3, 6.5.4, ...>

Body format

Vulnerability description text

## How to fix 

{% tabs <filename> %}

{% tab <filename> generic %}
generic how-to-fix instructions text
{% endtab %}

{% tab <filename> <tech> %}
how-to-fix instructions text for tech
{% endtab %}

{% endtabs %}

About

Vulnerability

Resources

Readme

License

CC0-1.0 license
Activity
Custom properties

Stars

30 stars

Watchers

7 watching

Forks

12 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 6