npm - @zerothreatai/vulnerability-registry - Versions diffs - 2.0.0 → 4.0.0 - Mend

@zerothreatai/vulnerability-registry 2.0.0 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

package/dist/categories/authentication.js +17 -0
package/dist/categories/configuration.js +501 -0
package/dist/categories/injection.js +34 -0
package/dist/categories/sensitive-paths.js +84 -0
package/dist/categories/ssrf.js +11 -0
package/dist/categories/xss.js +15 -0
package/dist/category.d.ts +6 -0
package/dist/category.js +15 -0
package/dist/error-codes.d.ts +20 -0
package/dist/error-codes.js +20 -0
package/dist/index.d.ts +9 -1
package/dist/index.js +5 -1
package/dist/scanner.d.ts +6 -0
package/dist/scanner.js +22 -0
package/dist/types.d.ts +2 -0
package/dist-cjs/categories/authentication.js +17 -0
package/dist-cjs/categories/configuration.js +501 -0
package/dist-cjs/categories/injection.js +34 -0
package/dist-cjs/categories/sensitive-paths.js +84 -0
package/dist-cjs/categories/ssrf.js +11 -0
package/dist-cjs/categories/xss.js +15 -0
package/dist-cjs/category.js +18 -0
package/dist-cjs/error-codes.js +20 -0
package/dist-cjs/index.js +7 -1
package/dist-cjs/scanner.js +25 -0
package/package.json +1 -1
package/src/categories/authentication.js +54 -40
package/src/categories/authentication.ts +134 -117
package/src/categories/configuration.js +990 -114
package/src/categories/configuration.ts +1625 -1104
package/src/categories/injection.js +105 -74
package/src/categories/injection.ts +129 -95
package/src/categories/sensitive-paths.js +255 -174
package/src/categories/sensitive-paths.ts +84 -0
package/src/categories/ssrf.js +36 -28
package/src/categories/ssrf.ts +11 -0
package/src/categories/xss.js +47 -35
package/src/categories/xss.ts +15 -0
package/src/category.ts +16 -0
package/src/error-codes.d.ts +38 -0
package/src/error-codes.js +41 -6
package/src/error-codes.ts +25 -5
package/src/index.js +33 -48
package/src/index.ts +20 -14
package/src/scanner.ts +23 -0
package/src/types.d.ts +2 -0
package/src/types.js +1 -2
package/src/types.ts +4 -2
package/zerothreatai-vulnerability-registry-4npm .0.0.tgz +0 -0

package/dist-cjs/categories/ssrf.js CHANGED Viewed

@@ -14,6 +14,7 @@ exports.SSRF_VULNERABILITIES = {
         title: 'Server-Side Request Forgery - Cloud Metadata Access',
         description: 'Critical SSRF vulnerability enabling access to cloud provider metadata services (AWS IMDSv1, GCP, Azure) which expose sensitive information including IAM credentials, API tokens, and instance configuration that can lead to full cloud account compromise and lateral movement.',
         severity: 'critical',
+        levelId: 1,
         category: 'ssrf',
         scanner: 'ssrf',
         cvss: {
@@ -35,6 +36,7 @@ exports.SSRF_VULNERABILITIES = {
         title: 'Server-Side Request Forgery - Internal Service Access',
         description: 'SSRF vulnerability allowing attackers to access internal network services that should not be reachable from the internet, including databases, admin panels, cache servers, and other infrastructure components protected only by network segmentation without authentication.',
         severity: 'high',
+        levelId: 2,
         category: 'ssrf',
         scanner: 'ssrf',
         cvss: {
@@ -56,6 +58,7 @@ exports.SSRF_VULNERABILITIES = {
         title: 'Server-Side Request Forgery - Protocol Smuggling',
         description: 'SSRF vulnerability exploiting non-HTTP protocol handlers like file://, gopher://, dict://, or ftp:// to read local files, interact with internal services using raw TCP, or perform attacks that would not be possible through HTTP requests alone, significantly expanding impact scope.',
         severity: 'high',
+        levelId: 2,
         category: 'ssrf',
         scanner: 'ssrf',
         cvss: {
@@ -77,6 +80,7 @@ exports.SSRF_VULNERABILITIES = {
         title: 'Server-Side Request Forgery - Blind OOB',
         description: 'Blind SSRF vulnerability confirmed through out-of-band DNS or HTTP callbacks indicating the server makes requests to attacker-controlled destinations even though responses are not reflected, enabling internal network scanning and data exfiltration through DNS or timing side channels.',
         severity: 'medium',
+        levelId: 3,
         category: 'ssrf',
         scanner: 'ssrf',
         cvss: {
@@ -101,6 +105,7 @@ exports.SSRF_VULNERABILITIES = {
         title: 'Open Redirect - HTTP Header Injection',
         description: 'Open redirect vulnerability through Location header manipulation allowing attackers to redirect victims to malicious websites after authenticating or interacting with the legitimate application, facilitating phishing attacks that abuse user trust in the original domain.',
         severity: 'medium',
+        levelId: 3,
         category: 'business_logic',
         scanner: 'redirect-route',
         cvss: {
@@ -122,6 +127,7 @@ exports.SSRF_VULNERABILITIES = {
         title: 'Open Redirect - JavaScript Navigation',
         description: 'Client-side open redirect vulnerability through JavaScript navigation methods like window.location or location.href being set to user-controlled values, allowing attackers to redirect users to malicious sites through specially crafted URLs that bypass server-side validation.',
         severity: 'medium',
+        levelId: 3,
         category: 'business_logic',
         scanner: 'redirect-route',
         cvss: {
@@ -146,6 +152,7 @@ exports.SSRF_VULNERABILITIES = {
         title: 'Host Header Injection - Cache Poisoning',
         description: 'Host header injection vulnerability where manipulated Host headers are reflected in cached responses, allowing attackers to poison web caches and CDNs with malicious content that is then served to all users, potentially enabling widespread defacement or malware distribution.',
         severity: 'high',
+        levelId: 2,
         category: 'configuration',
         scanner: 'host-header',
         cvss: {
@@ -167,6 +174,7 @@ exports.SSRF_VULNERABILITIES = {
         title: 'Host Header Injection - Password Reset Poisoning',
         description: 'Critical host header injection vulnerability in password reset functionality where the injected Host header is used to generate password reset URLs, allowing attackers to receive password reset tokens when victims click the manipulated links in legitimate reset emails.',
         severity: 'high',
+        levelId: 2,
         category: 'configuration',
         scanner: 'host-header',
         cvss: {
@@ -188,6 +196,7 @@ exports.SSRF_VULNERABILITIES = {
         title: 'Server-Side Request Forgery - Filter Bypass',
         description: 'SSRF vulnerability that bypasses security filters through encoding tricks (URL encoding, IPv6 representation, decimal IP notation), DNS rebinding, or using alternative representations of blocked addresses to reach internal resources despite URL validation controls.',
         severity: 'high',
+        levelId: 2,
         category: 'ssrf',
         scanner: 'ssrf',
         cvss: {
@@ -209,6 +218,7 @@ exports.SSRF_VULNERABILITIES = {
         title: 'Open Redirect - Meta Refresh',
         description: 'Open redirect vulnerability through HTML meta refresh tags where user input controls the redirect target URL, enabling phishing attacks by sending victims to malicious sites after a brief delay on the legitimate domain, bypassing some security controls.',
         severity: 'low',
+        levelId: 4,
         category: 'business_logic',
         scanner: 'redirect-route',
         cvss: {
@@ -230,6 +240,7 @@ exports.SSRF_VULNERABILITIES = {
         title: 'Host Header Injection - Open Redirect',
         description: 'Host header injection leading to open redirect where the application uses the Host header to generate redirect URLs, allowing attackers to redirect users to malicious domains by manipulating the Host header in their requests.',
         severity: 'medium',
+        levelId: 3,
         category: 'configuration',
         scanner: 'host-header',
         cvss: {

package/dist-cjs/categories/xss.js CHANGED Viewed

@@ -14,6 +14,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - Reflected',
         description: 'Reflected XSS vulnerability where user input is immediately returned by the server in the response without proper encoding, allowing attackers to inject malicious scripts that execute in the victim browser when they click a crafted link or submit a manipulated form.',
         severity: 'medium',
+        levelId: 3,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -35,6 +36,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - Stored',
         description: 'Critical stored XSS vulnerability where malicious scripts are permanently saved in the application database and served to all users who view the affected content, enabling widespread session hijacking, credential theft, and malware distribution without requiring victim interaction beyond normal usage.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -56,6 +58,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - DOM Based',
         description: 'DOM-based XSS vulnerability where the attack payload is processed entirely in the client-side JavaScript code without being sent to the server, typically through dangerous sinks like innerHTML, document.write(), or eval() that process URL fragments or user-controlled DOM elements.',
         severity: 'medium',
+        levelId: 3,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -77,6 +80,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - SVG Injection',
         description: 'SVG-based XSS vulnerability where malicious JavaScript is embedded within SVG image files using script elements or event handlers like onload, which execute when the browser renders the SVG file as an image or inline element, bypassing image upload security controls.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -98,6 +102,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - Angular Template Injection',
         description: 'AngularJS client-side template injection vulnerability where user input containing Angular expressions like {{constructor.constructor("alert(1)")()}} is evaluated by the Angular template engine, leading to arbitrary JavaScript execution in the user browser context.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -120,6 +125,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - CSP Bypass',
         description: 'XSS vulnerability that bypasses Content Security Policy protections through techniques like JSONP endpoints on whitelisted domains, base tag injection, Angular.js libraries on CDN, or other CSP bypass gadgets that allow script execution despite CSP controls being in place.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -141,6 +147,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - JavaScript Context',
         description: 'XSS vulnerability where user input is injected directly into JavaScript code blocks, allowing attackers to break out of string contexts and execute arbitrary JavaScript by injecting quote characters and script code, or modify application logic by injecting new statements.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -162,6 +169,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - Event Handler Injection',
         description: 'XSS vulnerability through injection into HTML event handler attributes like onclick, onerror, onload, or onmouseover, allowing attackers to execute JavaScript when users interact with or simply view the affected page elements without requiring script tags.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -183,6 +191,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - Script Tag Injection',
         description: 'XSS vulnerability where attackers can inject complete script tags into the HTML response, enabling arbitrary JavaScript execution. This is often the most straightforward XSS exploitation when input is not properly sanitized before rendering.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -204,6 +213,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - HTML Injection',
         description: 'HTML injection vulnerability where attackers can inject arbitrary HTML elements that modify page structure, enabling phishing attacks through fake login forms, content spoofing, or combination with CSS to overlay malicious content over legitimate page elements.',
         severity: 'medium',
+        levelId: 3,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -225,6 +235,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - Attribute Injection',
         description: 'XSS vulnerability where user input is placed in HTML attributes without proper encoding, allowing attackers to break out of the attribute context and inject new attributes or event handlers by using quote characters and spaces.',
         severity: 'medium',
+        levelId: 3,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -246,6 +257,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - CSS Injection',
         description: 'CSS injection vulnerability where attackers can inject malicious CSS rules to exfiltrate data through CSS selectors and background URLs, modify page appearance for phishing, or in older browsers achieve JavaScript execution through CSS expressions.',
         severity: 'medium',
+        levelId: 3,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -267,6 +279,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - Template Literal Injection',
         description: 'XSS vulnerability through JavaScript template literals (backtick strings) where user input can break out of the template context or inject expressions using ${} syntax, executing arbitrary JavaScript in the client browser context.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -288,6 +301,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - Mutation XSS',
         description: 'Mutation-based XSS (mXSS) vulnerability exploiting browser HTML parser quirks and DOM mutations where seemingly safe HTML is transformed into executable script through browser parsing behaviors, bypassing traditional sanitization.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -309,6 +323,7 @@ exports.XSS_VULNERABILITIES = {
         title: 'Cross-Site Scripting - Vue.js Template Injection',
         description: 'Vue.js client-side template injection vulnerability where user input containing Vue expression syntax like {{}} or v-bind directives is evaluated by the Vue template compiler, leading to arbitrary JavaScript execution in the browser context.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {

package/dist-cjs/category.js ADDED Viewed

@@ -0,0 +1,18 @@
+"use strict";
+/**
+ * Category registry - human-friendly titles for categories.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CATEGORY_REGISTRY = void 0;
+exports.CATEGORY_REGISTRY = {
+    "injection": { title: "Injection" },
+    "xss": { title: "Cross-Site Scripting" },
+    "authentication": { title: "Authentication" },
+    "access_control": { title: "Access Control" },
+    "configuration": { title: "Configuration" },
+    "information_disclosure": { title: "Information Disclosure" },
+    "cryptographic": { title: "Cryptographic" },
+    "business_logic": { title: "Business Logic" },
+    "ssrf": { title: "Server-Side Request Forgery" },
+    "file_inclusion": { title: "File Inclusion" },
+};

package/dist-cjs/error-codes.js CHANGED Viewed

@@ -175,6 +175,26 @@ var VulnerabilityCode;
     // ========================================
     // DIRECTORY BROWSING (DIRBROWSE_*)
     // ========================================
+    VulnerabilityCode["DIRBROWSE_GENERIC"] = "DIRBROWSE_GENERIC";
+    VulnerabilityCode["DIRBROWSE_GENERIC_SENSITIVE"] = "DIRBROWSE_GENERIC_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_APACHE"] = "DIRBROWSE_APACHE";
+    VulnerabilityCode["DIRBROWSE_APACHE_SENSITIVE"] = "DIRBROWSE_APACHE_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_NGINX"] = "DIRBROWSE_NGINX";
+    VulnerabilityCode["DIRBROWSE_NGINX_SENSITIVE"] = "DIRBROWSE_NGINX_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_IIS"] = "DIRBROWSE_IIS";
+    VulnerabilityCode["DIRBROWSE_IIS_SENSITIVE"] = "DIRBROWSE_IIS_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_TOMCAT"] = "DIRBROWSE_TOMCAT";
+    VulnerabilityCode["DIRBROWSE_TOMCAT_SENSITIVE"] = "DIRBROWSE_TOMCAT_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_CADDY"] = "DIRBROWSE_CADDY";
+    VulnerabilityCode["DIRBROWSE_CADDY_SENSITIVE"] = "DIRBROWSE_CADDY_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_WEBDAV"] = "DIRBROWSE_WEBDAV";
+    VulnerabilityCode["DIRBROWSE_WEBDAV_SENSITIVE"] = "DIRBROWSE_WEBDAV_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_S3"] = "DIRBROWSE_S3";
+    VulnerabilityCode["DIRBROWSE_S3_SENSITIVE"] = "DIRBROWSE_S3_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_GCS"] = "DIRBROWSE_GCS";
+    VulnerabilityCode["DIRBROWSE_GCS_SENSITIVE"] = "DIRBROWSE_GCS_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_AZURE_BLOB"] = "DIRBROWSE_AZURE_BLOB";
+    VulnerabilityCode["DIRBROWSE_AZURE_BLOB_SENSITIVE"] = "DIRBROWSE_AZURE_BLOB_SENSITIVE";
     VulnerabilityCode["DIRBROWSE_ENABLED"] = "DIRBROWSE_ENABLED";
     VulnerabilityCode["DIRBROWSE_SENSITIVE"] = "DIRBROWSE_SENSITIVE";
     // ========================================

package/dist-cjs/index.js CHANGED Viewed

@@ -5,7 +5,7 @@
  * Exports all vulnerability codes, definitions, and lookup utilities
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SENSITIVE_PATH_VULNERABILITIES = exports.CONFIG_VULNERABILITIES = exports.AUTH_VULNERABILITIES = exports.SSRF_VULNERABILITIES = exports.XSS_VULNERABILITIES = exports.INJECTION_VULNERABILITIES = exports.VulnerabilityCode = exports.VULNERABILITY_REGISTRY = void 0;
+exports.SCANNER_REGISTRY = exports.CATEGORY_REGISTRY = exports.SENSITIVE_PATH_VULNERABILITIES = exports.CONFIG_VULNERABILITIES = exports.AUTH_VULNERABILITIES = exports.SSRF_VULNERABILITIES = exports.XSS_VULNERABILITIES = exports.INJECTION_VULNERABILITIES = exports.VulnerabilityCode = exports.VULNERABILITY_REGISTRY = void 0;
 exports.getVulnerabilityDefinition = getVulnerabilityDefinition;
 exports.getVulnerabilitiesByScanner = getVulnerabilitiesByScanner;
 exports.getVulnerabilitiesByCategory = getVulnerabilitiesByCategory;
@@ -27,6 +27,10 @@ const configuration_js_1 = require("./categories/configuration.js");
 Object.defineProperty(exports, "CONFIG_VULNERABILITIES", { enumerable: true, get: function () { return configuration_js_1.CONFIG_VULNERABILITIES; } });
 const sensitive_paths_js_1 = require("./categories/sensitive-paths.js");
 Object.defineProperty(exports, "SENSITIVE_PATH_VULNERABILITIES", { enumerable: true, get: function () { return sensitive_paths_js_1.SENSITIVE_PATH_VULNERABILITIES; } });
+const category_js_1 = require("./category.js");
+Object.defineProperty(exports, "CATEGORY_REGISTRY", { enumerable: true, get: function () { return category_js_1.CATEGORY_REGISTRY; } });
+const scanner_js_1 = require("./scanner.js");
+Object.defineProperty(exports, "SCANNER_REGISTRY", { enumerable: true, get: function () { return scanner_js_1.SCANNER_REGISTRY; } });
 /**
  * Complete vulnerability registry combining all categories
  */
@@ -104,4 +108,6 @@ exports.default = {
     getAllVulnerabilityCodes,
     getVulnerabilityCount,
     createFinding,
+    CATEGORY_REGISTRY: category_js_1.CATEGORY_REGISTRY,
+    SCANNER_REGISTRY: scanner_js_1.SCANNER_REGISTRY,
 };

package/dist-cjs/scanner.js ADDED Viewed

@@ -0,0 +1,25 @@
+"use strict";
+/**
+ * Scanner registry - human-friendly titles for scanners.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SCANNER_REGISTRY = void 0;
+exports.SCANNER_REGISTRY = {
+    "broken-access": { title: "Broken Access" },
+    "command-injection": { title: "Command Injection" },
+    "deserialization": { title: "Deserialization" },
+    "directory-browsing": { title: "Directory Browsing" },
+    "host-header": { title: "Host Header" },
+    "jwt": { title: "JSON WEB TOKEN" },
+    "local-file-inclusion": { title: "Local File Inclusion" },
+    "model-state": { title: "Model State" },
+    "redirect-route": { title: "Redirect Route" },
+    "security-headers": { title: "Security Headers" },
+    "sensitive-path-scout": { title: "Sensitive Path Scout" },
+    "sql-injection": { title: "SQL Injection" },
+    "ssrf": { title: "SSRF" },
+    "ssti": { title: "SSTI" },
+    "xpath-injection": { title: "XPath Injection" },
+    "xss": { title: "XSS" },
+    "xxe": { title: "XXE" },
+};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@zerothreatai/vulnerability-registry",
-    "version": "2.0.0",
+    "version": "4.0.0",
     "description": "Centralized vulnerability definitions, CVSS scores, and references for ZeroThreat scanners",
     "main": "dist/index.js",
     "types": "dist/index.d.ts",

package/src/categories/authentication.js CHANGED Viewed

@@ -1,22 +1,20 @@
-"use strict";
 /**
  * Vulnerability Registry - Authentication & Access Control
  *
  * Definitions for JWT, Broken Access Control, and related issues
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AUTH_VULNERABILITIES = void 0;
-const error_codes_js_1 = require("../error-codes.js");
-exports.AUTH_VULNERABILITIES = {
+import { VulnerabilityCode } from '../error-codes.js';
+export const AUTH_VULNERABILITIES = {
     // ========================================
     // JWT VULNERABILITIES
     // ========================================
-    [error_codes_js_1.VulnerabilityCode.JWT_NONE_ALGORITHM]: {
+    [VulnerabilityCode.JWT_NONE_ALGORITHM]: {
         id: 57,
-        code: error_codes_js_1.VulnerabilityCode.JWT_NONE_ALGORITHM,
+        code: VulnerabilityCode.JWT_NONE_ALGORITHM,
         title: 'JWT Vulnerability - None Algorithm Attack',
         description: 'Critical JWT vulnerability where the server accepts tokens with "alg": "none" in the header, allowing attackers to forge valid tokens without knowing the secret key by simply removing the signature and modifying claims to impersonate any user including administrators.',
         severity: 'critical',
+        levelId: 1,
         category: 'authentication',
         scanner: 'jwt',
         cvss: {
@@ -32,12 +30,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Explicitly specify allowed algorithms during JWT verification and reject "none". Use libraries that do not support "none" algorithm. Always validate the algorithm header against expected values.',
     },
-    [error_codes_js_1.VulnerabilityCode.JWT_WEAK_SECRET]: {
+    [VulnerabilityCode.JWT_WEAK_SECRET]: {
         id: 58,
-        code: error_codes_js_1.VulnerabilityCode.JWT_WEAK_SECRET,
+        code: VulnerabilityCode.JWT_WEAK_SECRET,
         title: 'JWT Vulnerability - Weak Secret Key',
         description: 'JWT implementation using a weak or common secret key for HMAC signature verification that can be brute-forced or found in common secret dictionaries, allowing attackers to forge arbitrary valid tokens and bypass authentication to access any user account.',
         severity: 'high',
+        levelId: 2,
         category: 'authentication',
         scanner: 'jwt',
         cvss: {
@@ -53,12 +52,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Use cryptographically strong random secrets of at least 256 bits. Consider using asymmetric algorithms (RS256, ES256) instead of HMAC. Rotate secrets periodically.',
     },
-    [error_codes_js_1.VulnerabilityCode.JWT_KEY_CONFUSION]: {
+    [VulnerabilityCode.JWT_KEY_CONFUSION]: {
         id: 59,
-        code: error_codes_js_1.VulnerabilityCode.JWT_KEY_CONFUSION,
+        code: VulnerabilityCode.JWT_KEY_CONFUSION,
         title: 'JWT Vulnerability - Algorithm Confusion Attack',
         description: 'JWT key confusion vulnerability where the server public key can be used as an HMAC secret by switching the algorithm from RS256 to HS256, allowing attackers to forge valid tokens using the publicly available key to generate valid HMAC signatures.',
         severity: 'critical',
+        levelId: 1,
         category: 'authentication',
         scanner: 'jwt',
         cvss: {
@@ -77,12 +77,13 @@ exports.AUTH_VULNERABILITIES = {
     // ========================================
     // BROKEN ACCESS CONTROL
     // ========================================
-    [error_codes_js_1.VulnerabilityCode.BAC_ANONYMOUS_ACCESS]: {
+    [VulnerabilityCode.BAC_ANONYMOUS_ACCESS]: {
         id: 60,
-        code: error_codes_js_1.VulnerabilityCode.BAC_ANONYMOUS_ACCESS,
+        code: VulnerabilityCode.BAC_ANONYMOUS_ACCESS,
         title: 'Broken Access Control - Anonymous Access',
         description: 'Critical broken access control vulnerability where authenticated endpoints can be accessed without any authentication by simply removing auth headers or cookies, exposing sensitive functionality and data to unauthenticated attackers without any credential requirement.',
         severity: 'high',
+        levelId: 2,
         category: 'access_control',
         scanner: 'broken-access',
         cvss: {
@@ -98,12 +99,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Enforce authentication checks on all protected endpoints. Implement deny-by-default access control. Verify authentication state server-side before processing any request.',
     },
-    [error_codes_js_1.VulnerabilityCode.BAC_IDOR]: {
+    [VulnerabilityCode.BAC_IDOR]: {
         id: 61,
-        code: error_codes_js_1.VulnerabilityCode.BAC_IDOR,
+        code: VulnerabilityCode.BAC_IDOR,
         title: 'Broken Access Control - Insecure Direct Object Reference',
         description: 'IDOR vulnerability where users can access or modify resources belonging to other users by manipulating predictable identifiers like sequential IDs in URLs or request parameters, without proper authorization checks verifying resource ownership.',
         severity: 'high',
+        levelId: 2,
         category: 'access_control',
         scanner: 'broken-access',
         cvss: {
@@ -119,12 +121,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Implement proper authorization checks verifying resource ownership. Use unpredictable identifiers (UUIDs). Apply consistent access control policies across all endpoints.',
     },
-    [error_codes_js_1.VulnerabilityCode.BAC_VERTICAL_PRIVILEGE]: {
+    [VulnerabilityCode.BAC_VERTICAL_PRIVILEGE]: {
         id: 62,
-        code: error_codes_js_1.VulnerabilityCode.BAC_VERTICAL_PRIVILEGE,
+        code: VulnerabilityCode.BAC_VERTICAL_PRIVILEGE,
         title: 'Broken Access Control - Vertical Privilege Escalation',
         description: 'Vertical privilege escalation vulnerability allowing regular users to access or perform administrative functions by directly accessing admin endpoints or manipulating role/permission parameters, bypassing role-based access controls to gain elevated privileges.',
         severity: 'critical',
+        levelId: 1,
         category: 'access_control',
         scanner: 'broken-access',
         cvss: {
@@ -143,12 +146,13 @@ exports.AUTH_VULNERABILITIES = {
     // ========================================
     // MASS ASSIGNMENT
     // ========================================
-    [error_codes_js_1.VulnerabilityCode.MASSASSIGN_ROLE_ESCALATION]: {
+    [VulnerabilityCode.MASSASSIGN_ROLE_ESCALATION]: {
         id: 63,
-        code: error_codes_js_1.VulnerabilityCode.MASSASSIGN_ROLE_ESCALATION,
+        code: VulnerabilityCode.MASSASSIGN_ROLE_ESCALATION,
         title: 'Mass Assignment - Role Escalation',
         description: 'Mass assignment vulnerability allowing attackers to escalate privileges by including additional parameters like "role", "isAdmin", or "permissions" in requests that the application binds to user objects without proper allowlist filtering of settable fields.',
         severity: 'high',
+        levelId: 2,
         category: 'access_control',
         scanner: 'model-state',
         cvss: {
@@ -164,12 +168,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Use allowlist of permitted fields for each endpoint. Implement separate DTOs for input binding. Never auto-bind request data to domain objects without explicit field selection.',
     },
-    [error_codes_js_1.VulnerabilityCode.MASSASSIGN_PROTOTYPE_POLLUTION]: {
+    [VulnerabilityCode.MASSASSIGN_PROTOTYPE_POLLUTION]: {
         id: 64,
-        code: error_codes_js_1.VulnerabilityCode.MASSASSIGN_PROTOTYPE_POLLUTION,
+        code: VulnerabilityCode.MASSASSIGN_PROTOTYPE_POLLUTION,
         title: 'Mass Assignment - Prototype Pollution',
         description: 'JavaScript prototype pollution vulnerability through mass assignment where attackers inject __proto__ or constructor.prototype properties that modify the Object prototype globally, potentially leading to denial of service, security bypass, or remote code execution.',
         severity: 'high',
+        levelId: 2,
         category: 'access_control',
         scanner: 'model-state',
         cvss: {
@@ -185,12 +190,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Freeze Object.prototype. Use Object.create(null) for objects used as maps. Filter __proto__ and constructor properties from user input. Use --frozen-intrinsics Node.js flag.',
     },
-    [error_codes_js_1.VulnerabilityCode.JWT_EXPIRED_TOKEN]: {
+    [VulnerabilityCode.JWT_EXPIRED_TOKEN]: {
         id: 65,
-        code: error_codes_js_1.VulnerabilityCode.JWT_EXPIRED_TOKEN,
+        code: VulnerabilityCode.JWT_EXPIRED_TOKEN,
         title: 'JWT Vulnerability - Expired Token Accepted',
         description: 'JWT implementation does not properly validate token expiration (exp claim), accepting expired tokens that should be rejected. This allows attackers with previously captured tokens to reuse them indefinitely, maintaining unauthorized access without credential updates.',
         severity: 'medium',
+        levelId: 3,
         category: 'authentication',
         scanner: 'jwt',
         cvss: {
@@ -206,12 +212,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Always validate exp claim during token verification. Set appropriate token lifetimes. Implement token refresh mechanisms. Use server-side session invalidation for immediate revocation.',
     },
-    [error_codes_js_1.VulnerabilityCode.JWT_MISSING_CLAIMS]: {
+    [VulnerabilityCode.JWT_MISSING_CLAIMS]: {
         id: 66,
-        code: error_codes_js_1.VulnerabilityCode.JWT_MISSING_CLAIMS,
+        code: VulnerabilityCode.JWT_MISSING_CLAIMS,
         title: 'JWT Vulnerability - Missing Required Claims',
         description: 'JWT tokens are missing critical security claims like exp (expiration), iat (issued at), nbf (not before), or iss (issuer), reducing the security guarantees of the token system and potentially allowing token reuse, replay attacks, or cross-tenant access.',
         severity: 'medium',
+        levelId: 3,
         category: 'authentication',
         scanner: 'jwt',
         cvss: {
@@ -227,12 +234,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Include and validate all standard claims: exp, iat, nbf, iss, aud, sub. Define required claims for your application. Reject tokens missing mandatory claims.',
     },
-    [error_codes_js_1.VulnerabilityCode.BAC_HORIZONTAL_PRIVILEGE]: {
+    [VulnerabilityCode.BAC_HORIZONTAL_PRIVILEGE]: {
         id: 67,
-        code: error_codes_js_1.VulnerabilityCode.BAC_HORIZONTAL_PRIVILEGE,
+        code: VulnerabilityCode.BAC_HORIZONTAL_PRIVILEGE,
         title: 'Broken Access Control - Horizontal Privilege Escalation',
         description: 'Horizontal privilege escalation vulnerability where authenticated users can access data or perform actions belonging to other users at the same privilege level by manipulating user identifiers, object references, or session parameters without ownership verification.',
         severity: 'high',
+        levelId: 2,
         category: 'access_control',
         scanner: 'broken-access',
         cvss: {
@@ -248,12 +256,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Implement record-level authorization checks. Verify resource ownership against the authenticated user session. Use indirect references that map to actual resources server-side.',
     },
-    [error_codes_js_1.VulnerabilityCode.MASSASSIGN_HIDDEN_FIELD]: {
+    [VulnerabilityCode.MASSASSIGN_HIDDEN_FIELD]: {
         id: 68,
-        code: error_codes_js_1.VulnerabilityCode.MASSASSIGN_HIDDEN_FIELD,
+        code: VulnerabilityCode.MASSASSIGN_HIDDEN_FIELD,
         title: 'Mass Assignment - Hidden Field Manipulation',
         description: 'Mass assignment vulnerability where attackers can modify hidden form fields or server-side computed values like price, discount, userId, or timestamp by including them in request bodies, bypassing UI restrictions to manipulate business logic or data integrity.',
         severity: 'medium',
+        levelId: 3,
         category: 'access_control',
         scanner: 'model-state',
         cvss: {
@@ -269,12 +278,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Never trust client-provided values for server-computed fields. Use explicit DTOs with allowlisted fields. Recompute amounts, timestamps, and IDs server-side.',
     },
-    [error_codes_js_1.VulnerabilityCode.JWT_CLAIM_TAMPERING]: {
+    [VulnerabilityCode.JWT_CLAIM_TAMPERING]: {
         id: 131,
-        code: error_codes_js_1.VulnerabilityCode.JWT_CLAIM_TAMPERING,
+        code: VulnerabilityCode.JWT_CLAIM_TAMPERING,
         title: 'JWT - Claim Tampering',
         description: 'JWT claim tampering vulnerability where attackers can modify token claims such as roles, user IDs, or permissions and the server accepts the tampered token, enabling privilege escalation or unauthorized access.',
         severity: 'high',
+        levelId: 2,
         category: 'authentication',
         scanner: 'jwt',
         cvss: {
@@ -290,12 +300,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Validate JWT signatures using strong algorithms and trusted keys. Reject unsigned or weakly signed tokens. Enforce claim validation and server-side authorization checks.',
     },
-    [error_codes_js_1.VulnerabilityCode.JWT_KID_INJECTION]: {
+    [VulnerabilityCode.JWT_KID_INJECTION]: {
         id: 132,
-        code: error_codes_js_1.VulnerabilityCode.JWT_KID_INJECTION,
+        code: VulnerabilityCode.JWT_KID_INJECTION,
         title: 'JWT - KID Header Injection',
         description: 'JWT key identifier (kid) injection vulnerability where attackers manipulate the kid header to influence key selection or file paths, potentially bypassing signature verification or loading attacker-controlled keys.',
         severity: 'high',
+        levelId: 2,
         category: 'authentication',
         scanner: 'jwt',
         cvss: {
@@ -311,12 +322,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Avoid direct use of kid as a file path or URL. Use a strict allowlist of key IDs and map to known keys in configuration. Reject unexpected or oversized kid values.',
     },
-    [error_codes_js_1.VulnerabilityCode.JWT_JKU_INJECTION]: {
+    [VulnerabilityCode.JWT_JKU_INJECTION]: {
         id: 133,
-        code: error_codes_js_1.VulnerabilityCode.JWT_JKU_INJECTION,
+        code: VulnerabilityCode.JWT_JKU_INJECTION,
         title: 'JWT - JKU Header Injection',
         description: 'JWT JKU (JWK Set URL) header injection vulnerability where attackers can control the URL used to fetch signing keys, allowing them to supply their own keys and forge valid tokens.',
         severity: 'high',
+        levelId: 2,
         category: 'authentication',
         scanner: 'jwt',
         cvss: {
@@ -332,12 +344,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Ignore untrusted JKU values or restrict to a strict allowlist of trusted JWKS endpoints. Pin keys or use local key material where possible.',
     },
-    [error_codes_js_1.VulnerabilityCode.JWT_EMBEDDED_JWK]: {
+    [VulnerabilityCode.JWT_EMBEDDED_JWK]: {
         id: 134,
-        code: error_codes_js_1.VulnerabilityCode.JWT_EMBEDDED_JWK,
+        code: VulnerabilityCode.JWT_EMBEDDED_JWK,
         title: 'JWT - Embedded JWK Injection',
         description: 'JWT embedded JWK vulnerability where attackers include their own JWK in the token header and the server accepts it as a trusted signing key, enabling forged tokens and authentication bypass.',
         severity: 'high',
+        levelId: 2,
         category: 'authentication',
         scanner: 'jwt',
         cvss: {
@@ -353,12 +366,13 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Reject embedded JWKs from tokens unless explicitly required and validated against a trusted key set. Use pinned keys and strict header validation.',
     },
-    [error_codes_js_1.VulnerabilityCode.JWT_X5C_INJECTION]: {
+    [VulnerabilityCode.JWT_X5C_INJECTION]: {
         id: 135,
-        code: error_codes_js_1.VulnerabilityCode.JWT_X5C_INJECTION,
+        code: VulnerabilityCode.JWT_X5C_INJECTION,
         title: 'JWT - X5C Header Injection',
         description: 'JWT x5c header injection vulnerability where attackers provide an untrusted certificate chain, allowing them to influence key selection or bypass signature validation if certificate trust is not strictly enforced.',
         severity: 'high',
+        levelId: 2,
         category: 'authentication',
         scanner: 'jwt',
         cvss: {
@@ -375,4 +389,4 @@ exports.AUTH_VULNERABILITIES = {
         remediation: 'Ignore untrusted x5c headers or validate certificate chains against a trusted root store with strict policy. Prefer pinned public keys or JWKS allowlists.',
     },
 };
-exports.default = exports.AUTH_VULNERABILITIES;
+export default AUTH_VULNERABILITIES;