Node.Security

Security Audit of Nuclide

ISGroup SRL performed an automated code review (not a real static analysis, more a grep on steroids) of this NodeJS project in order to identify potential security vulnerabilities. We do not guarantee that all the findings are valid, and there are certainly plenty of false positives and false negatives (undetected issues), but it's free and your project could benefit from this security analysis. The following data is also available in JSON format!

Possible Security Issues
Issue Description Line File
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 106 pkg/sample-quickopen-provider-example/lib/ExampleProvider.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 130 pkg/nuclide-datatip/lib/PinnedDatatip.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 223 pkg/nuclide-source-control-side-bar/lib/SideBarComponent.js
Key Hardcoded A hardcoded key in plain text was identified. 104 pkg/nuclide-find-references/lib/view/FindReferencesView.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 52 pkg/nuclide-external-interfaces/1.0/need-to-upstream-to-flow-lib.js
Remote OS Command Execution User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. 71 pkg/nuclide-server/spec/NuclideServerSecure-spec.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 26 pkg/nuclide-server/lib/blocked.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 50 pkg/nuclide-server/lib/XhrConnectionHeartbeat.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 60 pkg/nuclide-server/lib/NuclideSocket.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 190 pkg/nuclide-server/lib/NuclideSocket.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 192 pkg/nuclide-server/lib/NuclideSocket.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 211 pkg/nuclide-server/lib/NuclideSocket.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 27 pkg/nuclide-server/lib/services/InfoService.js
Remote OS Command Execution User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. 94 pkg/commons-node/process.js
Remote OS Command Execution User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. 345 pkg/commons-node/process.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 34 pkg/commons-node/debounce.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 53 pkg/commons-node/debounce.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 32 pkg/commons-node/BatchProcessedQueue.js
Key Hardcoded A hardcoded key in plain text was identified. 131 pkg/commons-node/humanizeKeystroke.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 110 pkg/commons-node/promise.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 130 pkg/commons-node/promise.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 150 pkg/commons-node/promise.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 232 pkg/commons-node/promise.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 69 pkg/commons-node/ScribeProcess.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 606 pkg/commons-node/spec/promise-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 640 pkg/commons-node/spec/promise-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 37 pkg/commons-node/spec/promise-executors-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 41 pkg/commons-node/spec/promise-executors-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 45 pkg/commons-node/spec/promise-executors-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 78 pkg/commons-node/spec/promise-executors-spec.js
Key Hardcoded A hardcoded key in plain text was identified. 315 pkg/nuclide-hack/lib/HackLanguage.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 101 pkg/nuclide-analytics/spec/decorator-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 128 pkg/nuclide-analytics/spec/decorator-spec.js
Key Hardcoded A hardcoded key in plain text was identified. 14 pkg/nuclide-analytics/lib/HistogramTracker.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 65 pkg/nuclide-analytics/lib/HistogramTracker.js
Key Hardcoded A hardcoded key in plain text was identified. 16 pkg/nuclide-home/spec/home-spec.js
Key Hardcoded A hardcoded key in plain text was identified. 91 pkg/nuclide-home/lib/HomePaneItem.js
Key Hardcoded A hardcoded key in plain text was identified. 103 pkg/nuclide-home/lib/HomePaneItem.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 324 pkg/nuclide-quick-open/spec/QuickSelectionComponent-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 332 pkg/nuclide-quick-open/spec/QuickSelectionComponent-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 340 pkg/nuclide-quick-open/spec/QuickSelectionComponent-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 348 pkg/nuclide-quick-open/spec/QuickSelectionComponent-spec.js
Key Hardcoded A hardcoded key in plain text was identified. 70 pkg/nuclide-quick-open/lib/SearchResultManager.js
Key Hardcoded A hardcoded key in plain text was identified. 71 pkg/nuclide-quick-open/lib/SearchResultManager.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 77 pkg/nuclide-buck/lib/BuckToolbar.js
Key Hardcoded A hardcoded key in plain text was identified. 152 pkg/nuclide-buck/lib/BuckToolbar.js
Key Hardcoded A hardcoded key in plain text was identified. 166 pkg/nuclide-buck/lib/BuckToolbar.js
Key Hardcoded A hardcoded key in plain text was identified. 178 pkg/nuclide-buck/lib/BuckToolbar.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 131 pkg/nuclide-settings/lib/SettingsPaneItem.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 110 pkg/nuclide-nux/lib/NuxView.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 157 pkg/nuclide-nux/lib/NuxView.js
Username Hardcoded A hardcoded username in plain text was identified. Store it properly in a config file. 111 pkg/nuclide-remote-projects/spec/form-validation-utils-spec.js
Username Hardcoded A hardcoded username in plain text was identified. Store it properly in a config file. 119 pkg/nuclide-remote-projects/spec/form-validation-utils-spec.js
Key Hardcoded A hardcoded key in plain text was identified. 202 pkg/nuclide-remote-projects/spec/form-validation-utils-spec.js
Password Hardcoded A hardcoded password in plain text was identified. Store it properly in a config file. 233 pkg/nuclide-remote-projects/spec/form-validation-utils-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 113 pkg/nuclide-remote-projects/lib/ConnectionDetailsForm.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 104 pkg/nuclide-remote-projects/lib/main.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 36 pkg/nuclide-jasmine/bin/jasmine-node-transpiled.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 16 pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 27 pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 28 pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 45 pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 56 pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 57 pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 75 pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 80 pkg/nuclide-jasmine/spec/faketimer-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 51 pkg/nuclide-jasmine/spec/run-jasmine-tests-spec.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 72 pkg/nuclide-debugger-node/VendorLib/node-inspector/lib/BreakEventHandler.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 73 pkg/nuclide-debugger-node/VendorLib/node-inspector/lib/BreakEventHandler.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 75 pkg/nuclide-debugger-node/VendorLib/node-inspector/lib/BreakEventHandler.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 31 pkg/nuclide-debugger-node/VendorLib/node-inspector/lib/session.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 55 pkg/nuclide-debugger-node/VendorLib/node-inspector/lib/Injections/HeapProfilerAgent.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 97 pkg/nuclide-debugger-node/VendorLib/node_modules/async/lib/async.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 396 pkg/nuclide-debugger-node/VendorLib/node_modules/v8-debug/InjectedScript/InjectedScriptSource.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 683 pkg/nuclide-debugger-node/VendorLib/node_modules/v8-debug/InjectedScript/InjectedScriptSource.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 716 pkg/nuclide-debugger-node/VendorLib/node_modules/v8-debug/InjectedScript/InjectedScriptSource.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 978 pkg/nuclide-debugger-node/VendorLib/node_modules/v8-debug/InjectedScript/InjectedScriptSource.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1005 pkg/nuclide-debugger-node/VendorLib/node_modules/v8-debug/InjectedScript/InjectedScriptSource.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 82 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 206 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 483 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 539 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 903 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1981 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2010 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded A hardcoded key in plain text was identified. 4122 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded A hardcoded key in plain text was identified. 5086 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded A hardcoded key in plain text was identified. 6687 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded A hardcoded key in plain text was identified. 10177 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded A hardcoded key in plain text was identified. 10978 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded A hardcoded key in plain text was identified. 12338 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded A hardcoded key in plain text was identified. 15368 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Key Hardcoded A hardcoded key in plain text was identified. 24839 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 29120 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 29456 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 31699 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 32928 pkg/nuclide-react-native-inspector/VendorLib/dev-tools/standalone.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 112 pkg/nuclide-rpc/lib/RpcConnection.js
Weak Hash used - SHA1 SHA1 is a weak hash which is known to have collisions. Use a strong hashing function. 27 pkg/nuclide-remote-connection/spec/RemoteFile-spec.js
Weak Hash used - SHA1 SHA1 is a weak hash which is known to have collisions. Use a strong hashing function. 196 pkg/nuclide-remote-connection/lib/RemoteFile.js
Weak Hash used - SHA1 SHA1 is a weak hash which is known to have collisions. Use a strong hashing function. 91 pkg/nuclide-remote-connection/lib/RemoteConnectionConfigurationManager.js
Weak Hash used - SHA1 SHA1 is a weak hash which is known to have collisions. Use a strong hashing function. 123 pkg/nuclide-remote-connection/lib/RemoteConnectionConfigurationManager.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 346 pkg/nuclide-remote-connection/lib/SshHandshake.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 228 pkg/nuclide-ui/lib/Combobox.js
Key Hardcoded A hardcoded key in plain text was identified. 295 pkg/nuclide-ui/lib/Combobox.js
Key Hardcoded A hardcoded key in plain text was identified. 339 pkg/nuclide-ui/lib/Combobox.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 56 pkg/nuclide-ui/lib/LoadingSpinner.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 59 pkg/nuclide-ui/lib/highlightOnUpdate.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 147 pkg/nuclide-blame/lib/BlameGutter.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 64 pkg/nuclide-diff-view/lib/SyncScroll.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 210 pkg/nuclide-diff-view/lib/DiffViewComponent.js
Key Hardcoded A hardcoded key in plain text was identified. 49 pkg/nuclide-file-tree/components/FileTreeSidebarComponent.js
Key Hardcoded A hardcoded key in plain text was identified. 142 pkg/nuclide-file-tree/components/FileTreeSidebarComponent.js
Key Hardcoded A hardcoded key in plain text was identified. 147 pkg/nuclide-file-tree/components/FileTreeSidebarComponent.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 54 pkg/nuclide-file-tree/components/FileTree.js
Weak Hash used - MD5 MD5 is a weak hash which is known to have collisions. Use a strong hashing function. 147 pkg/nuclide-file-tree/lib/FileTreeHelpers.js
Key Hardcoded A hardcoded key in plain text was identified. 28 pkg/nuclide-debugger-php-rpc/spec/ConnectionUtils-spec.js
Key Hardcoded A hardcoded key in plain text was identified. 50 pkg/nuclide-debugger-php-rpc/spec/ConnectionUtils-spec.js
Key Hardcoded A hardcoded key in plain text was identified. 72 pkg/nuclide-debugger-php-rpc/spec/ConnectionUtils-spec.js
Key Hardcoded A hardcoded key in plain text was identified. 32 pkg/nuclide-debugger-php-rpc/spec/DbgpConnector-spec.js
Key Hardcoded A hardcoded key in plain text was identified. 17 pkg/nuclide-debugger-php-rpc/lib/DbgpMessageHandler.js
Key Hardcoded A hardcoded key in plain text was identified. 44 pkg/nuclide-logging/lib/main.js
Key Hardcoded A hardcoded key in plain text was identified. 17 pkg/nuclide-logging/lib/stacktrace.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 28 pkg/nuclide-diagnostics-store/spec/LinterAdapter-spec.js
Key Hardcoded A hardcoded key in plain text was identified. 16 pkg/nuclide-working-sets/lib/WorkingSetsConfig.js
Weak Hash used - SHA1 SHA1 is a weak hash which is known to have collisions. Use a strong hashing function. 103 pkg/nuclide-node-transpiler/lib/NodeTranspiler.js
Weak Hash used - SHA1 SHA1 is a weak hash which is known to have collisions. Use a strong hashing function. 127 pkg/nuclide-node-transpiler/lib/NodeTranspiler.js
Key Hardcoded A hardcoded key in plain text was identified. 20 pkg/commons-atom/projects.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 28 pkg/commons-atom/spec/loading-notification-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 46 pkg/commons-atom/spec/loading-notification-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 67 pkg/commons-atom/spec/loading-notification-spec.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 62 pkg/nuclide-debugger-native/lib/LaunchAttachActions.js
Key Hardcoded A hardcoded key in plain text was identified. 131 pkg/nuclide-debugger-native/lib/AttachUIComponent.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 204 pkg/nuclide-diagnostics-ui/lib/gutter.js
Key Hardcoded A hardcoded key in plain text was identified. 232 pkg/nuclide-diagnostics-ui/lib/DiagnosticsPane.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 159 pkg/nuclide-debugger/VendorLib/devtools/front_end/Runtime.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 759 pkg/nuclide-debugger/VendorLib/devtools/front_end/Runtime.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 297 pkg/nuclide-debugger/VendorLib/devtools/front_end/bindings/StylesSourceMapping.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 237 pkg/nuclide-debugger/VendorLib/devtools/front_end/bindings/SASSSourceMapping.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 260 pkg/nuclide-debugger/VendorLib/devtools/front_end/bindings/ContentProviderBasedProjectDelegate.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 331 pkg/nuclide-debugger/VendorLib/devtools/front_end/bindings/ContentProviderBasedProjectDelegate.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 261 pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/SourcesSearchScope.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 863 pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/NavigatorView.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 26 pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/JavaScriptCompiler.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 128 pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/FilteredItemSelectionDialog.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 232 pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/FilteredItemSelectionDialog.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 315 pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/FilteredItemSelectionDialog.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 297 pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/SourcesPanel.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 36 pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/WorkspaceMappingTip.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 29 pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/AsyncOperationsSidebarPane.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 379 pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/WatchExpressionsSidebarPane.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 876 pkg/nuclide-debugger/VendorLib/devtools/front_end/sources/JavaScriptSourceFrame.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 84 pkg/nuclide-debugger/VendorLib/devtools/front_end/common/WorkerRuntime.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 34 pkg/nuclide-debugger/VendorLib/devtools/front_end/common/StaticContentProvider.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 76 pkg/nuclide-debugger/VendorLib/devtools/front_end/common/Throttler.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 94 pkg/nuclide-debugger/VendorLib/devtools/front_end/common/Throttler.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 67 pkg/nuclide-debugger/VendorLib/devtools/front_end/common/TestBase.js
Key Hardcoded A hardcoded key in plain text was identified. 287 pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/KeyboardShortcut.js
Key Hardcoded A hardcoded key in plain text was identified. 288 pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/KeyboardShortcut.js
Key Hardcoded A hardcoded key in plain text was identified. 289 pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/KeyboardShortcut.js
Key Hardcoded A hardcoded key in plain text was identified. 290 pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/KeyboardShortcut.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 247 pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/TextPrompt.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 369 pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/TextPrompt.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 131 pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/SuggestBox.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 265 pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/Popover.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 345 pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/Popover.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 357 pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/Popover.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 93 pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/ShortcutRegistry.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1138 pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/UIUtils.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 249 pkg/nuclide-debugger/VendorLib/devtools/front_end/ui/SoftContextMenu.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 596 pkg/nuclide-debugger/VendorLib/devtools/front_end/snippets/ScriptSnippetModel.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 365 pkg/nuclide-debugger/VendorLib/devtools/front_end/host/InspectorFrontendHost.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 820 pkg/nuclide-debugger/VendorLib/devtools/front_end/extensions/ExtensionAPI.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 91 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/matchbrackets.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 96 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 106 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 284 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 325 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 518 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1505 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2810 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2828 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2839 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2877 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3001 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3004 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3094 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3246 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3419 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3432 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3497 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3500 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3509 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3513 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 7371 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 7429 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 7639 pkg/nuclide-debugger/VendorLib/devtools/front_end/cm/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 421 pkg/nuclide-debugger/VendorLib/devtools/front_end/components/InspectorView.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1160 pkg/nuclide-debugger/VendorLib/devtools/front_end/source_frame/CodeMirrorTextEditor.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1336 pkg/nuclide-debugger/VendorLib/devtools/front_end/source_frame/CodeMirrorTextEditor.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 61 pkg/nuclide-debugger/VendorLib/devtools/front_end/source_frame/SourceFrame.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 40 pkg/nuclide-debugger/VendorLib/devtools/front_end/main/TestController.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 152 pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Tests.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 158 pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Tests.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 182 pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Tests.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 215 pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Tests.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 223 pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Tests.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 285 pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Main.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 360 pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Main.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 444 pkg/nuclide-debugger/VendorLib/devtools/front_end/main/Main.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 179 pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/DebuggerModel.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 199 pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/InspectorBackend.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 533 pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/InspectorBackend.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 586 pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/InspectorBackend.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 735 pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/InspectorBackend.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1278 pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/DOMModel.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1673 pkg/nuclide-debugger/VendorLib/devtools/front_end/sdk/DOMModel.js
Key Hardcoded A hardcoded key in plain text was identified. 101 pkg/nuclide-debugger/lib/DebuggerSteppingComponent.js
Key Hardcoded A hardcoded key in plain text was identified. 116 pkg/nuclide-debugger/lib/DebuggerSteppingComponent.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 100 pkg/nuclide-debugger/lib/main.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 101 pkg/nuclide-debugger/lib/Bridge.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 98 pkg/nuclide-debugger/lib/WatchExpressionComponent.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 45 pkg/nuclide-debugger/lib/DebuggerPauseController.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 57 resources/benchmarker/benchmarker-utils.js
Key Hardcoded A hardcoded key in plain text was identified. 36 resources/benchmarker/spec/benchmarker-spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 50 spec/utils/pollFor.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 20 spec/utils/quick-open-provider-cycle-common.js
Missing Security Features
Issue Description
Missing Security Header - X-Frame-Options (XFO) X-Frame-Options (XFO) header provides protection against Clickjacking attacks.
Missing Security Header - Content-Security-Policy (CSP) Content Security Policy (CSP) is a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). The CSP header was not found.
Missing Security Header - Strict-Transport-Security (HSTS) Strict-Transport-Security (HSTS) header enforces secure (HTTP over SSL/TLS) connections to the server.
Information Disclosure - X-Powered-By Remove the X-Powered-By header to prevent information gathering.
Missing Security Header - X-Content-Type-Options X-Content-Type-Options header prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type.
Missing Security Header - X-Download-Options: noopen X-Download-Options header set to noopen prevents IE users from directly opening and executing downloads in your site's context.
Missing Security Header - X-XSS-Protection:1 X-XSS-Protection header set to 1 enables the Cross-site scripting (XSS) filter built into most recent web browsers.
Missing Security Header - Public-Key-Pins (HPKP) Public-Key-Pins (HPKP) ensures that the certificate is pinned.
Outdated Libraries
File Library Reference