@zerothreatai/vulnerability-registry 9.0.5 → 9.0.7

package/dist-cjs/categories/authentication.js

@@ -391,5 +391,27 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Ignore untrusted x5c headers or validate certificate chains against a trusted root store with strict policy. Prefer pinned public keys or JWKS allowlists.',
     },
+    [error_codes_js_1.VulnerabilityCode.AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT]: {
+        id: 117,
+        code: error_codes_js_1.VulnerabilityCode.AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT,
+        title: 'Session Remains Valid After Logout',
+        description: 'Application logout does not invalidate the authenticated server-side session or token. A previously captured authenticated session can be replayed after logout to regain access to protected functionality, allowing attackers with stolen or fixed session material to continue operating as the victim.',
+        severity: 'high',
+        levelId: 2,
+        category: 'authentication',
+        scanner: 'session-invalidation',
+        cvss: {
+            score: 7.1,
+            vector: 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N',
+            severity: 'HIGH',
+        },
+        cwe: [
+            { id: 'CWE-613', name: 'Insufficient Session Expiration', url: 'https://cwe.mitre.org/data/definitions/613.html' },
+        ],
+        owasp: [
+            { id: 'A07:2021', name: 'Identification and Authentication Failures', url: 'https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/' },
+        ],
+        remediation: 'Invalidate sessions and tokens server-side during logout. Rotate session identifiers after login and privilege changes. Ensure logout revokes all session artifacts that can restore authenticated access, including cookies and browser storage tokens.',
+    },
 };
 exports.default = exports.AUTH_VULNERABILITIES;

package/dist-cjs/categories/injection.js

@@ -780,5 +780,54 @@ exports.INJECTION_VULNERABILITIES = {
         ],
         remediation: 'Suppress detailed XPath error messages in production. Use safe XPath APIs and validation to prevent injection. Implement centralized error handling with generic responses.',
     },
+    // ========================================
+    // PATH PARAMETER INJECTION
+    // ========================================
+    [error_codes_js_1.VulnerabilityCode.PATH_PARAMETER_INJECTION]: {
+        id: 334,
+        code: error_codes_js_1.VulnerabilityCode.PATH_PARAMETER_INJECTION,
+        title: 'Path Parameter Injection',
+        description: 'Path parameter injection vulnerability detected where user-controlled path segments trigger server errors or internal detail leaks, indicating unsafe handling of dynamic path values that may enable injection or traversal behaviors.',
+        severity: 'medium',
+        levelId: 3,
+        category: 'injection',
+        scanner: 'model-state',
+        groupName: 'Injection',
+        cvss: {
+            score: 6.1,
+            vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N',
+            severity: 'MEDIUM',
+        },
+        cwe: [
+            { id: 'CWE-20', name: 'Improper Input Validation', url: 'https://cwe.mitre.org/data/definitions/20.html' },
+        ],
+        owasp: [
+            { id: 'A03:2021', name: 'Injection', url: 'https://owasp.org/Top10/A03_2021-Injection/' },
+        ],
+        remediation: 'Validate and constrain path parameters with allowlists or route constraints. Normalize and sanitize path inputs before use. Avoid passing raw path segments into file or query handlers.',
+    },
+    [error_codes_js_1.VulnerabilityCode.HPP_DUPLICATE_PARAMETER]: {
+        id: 335,
+        code: error_codes_js_1.VulnerabilityCode.HPP_DUPLICATE_PARAMETER,
+        title: 'HTTP Parameter Pollution',
+        description: 'HTTP parameter pollution vulnerability detected where duplicate query parameter keys trigger behavior distinct from both single-value control requests, indicating inconsistent duplicate-key handling that may enable logic bypasses or validation mismatches across components.',
+        severity: 'medium',
+        levelId: 3,
+        category: 'injection',
+        scanner: 'model-state',
+        groupName: 'HTTP Parameter Pollution',
+        cvss: {
+            score: 5.3,
+            vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N',
+            severity: 'MEDIUM',
+        },
+        cwe: [
+            { id: 'CWE-235', name: 'Improper Handling of Extra Parameters', url: 'https://cwe.mitre.org/data/definitions/235.html' },
+        ],
+        owasp: [
+            { id: 'A04:2021', name: 'Insecure Design', url: 'https://owasp.org/Top10/A04_2021-Insecure_Design/' },
+        ],
+        remediation: 'Reject unexpected duplicate parameters or canonicalize them consistently at the edge. Ensure upstream proxies, frameworks, and application code all apply the same duplicate-key handling rules. Prefer strict allowlists for security-sensitive parameters.',
+    },
 };
 exports.default = exports.INJECTION_VULNERABILITIES;

package/dist-cjs/categories/sensitive-data.js

@@ -0,0 +1,99 @@
+"use strict";
+/**
+ * Vulnerability Registry - Sensitive Data Exposure
+ *
+ * Definitions for high-confidence sensitive data exposures detected in content.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SENSITIVE_DATA_VULNERABILITIES = void 0;
+const error_codes_js_1 = require("../error-codes.js");
+const CWE_EXPOSURE = [
+    { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
+];
+const OWASP_CRYPTO = [
+    { id: 'A02:2021', name: 'Cryptographic Failures', url: 'https://owasp.org/Top10/A02_2021-Cryptographic_Failures/' },
+];
+const CVSS_BY_SEVERITY = {
+    critical: { score: 9.1, vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N', severity: 'CRITICAL' },
+    high: { score: 7.5, vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', severity: 'HIGH' },
+    medium: { score: 5.3, vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N', severity: 'MEDIUM' },
+    low: { score: 3.1, vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N', severity: 'LOW' },
+    info: { score: 0.0, vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N', severity: 'NONE' },
+};
+const LEVEL_BY_SEVERITY = {
+    critical: 1,
+    high: 2,
+    medium: 3,
+    low: 4,
+    info: 5,
+};
+const REMEDIATION = 'Remove secrets from client-visible responses, rotate any exposed keys, and store secrets in a secure vault. Implement response redaction and ensure sensitive data is never returned to unauthenticated users.';
+const SENSITIVE_DATA_DEFS = [
+    { id: 608, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_AWS_ACCESS_KEY_ID, title: 'AWS Access Key ID Exposed', description: 'Exposure of an AWS Access Key ID in response content may allow unauthorized access to AWS resources.', severity: 'critical' },
+    { id: 609, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_AWS_SECRET_ACCESS_KEY, title: 'AWS Secret Access Key Exposed', description: 'Exposure of an AWS Secret Access Key in response content may allow unauthorized access to AWS resources.', severity: 'critical' },
+    { id: 610, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_AWS_MWS_AUTH_TOKEN, title: 'Amazon MWS Auth Token Exposed', description: 'Exposure of an Amazon MWS auth token in response content may allow unauthorized access to merchant APIs.', severity: 'critical' },
+    { id: 611, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_GOOGLE_API_KEY, title: 'Google API Key Exposed', description: 'Exposure of a Google API key in response content may allow unauthorized access to Google APIs.', severity: 'high' },
+    { id: 612, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_GOOGLE_OAUTH_TOKEN, title: 'Google OAuth Token Exposed', description: 'Exposure of a Google OAuth token in response content may allow unauthorized access to Google user data.', severity: 'high' },
+    { id: 613, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_GOOGLE_CLOUD_PRIVATE_KEY_ID, title: 'Google Cloud Private Key ID Exposed', description: 'Exposure of a Google Cloud private key ID in response content may allow unauthorized access to GCP services.', severity: 'critical' },
+    { id: 614, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_GITHUB_PAT, title: 'GitHub Personal Access Token Exposed', description: 'Exposure of a GitHub personal access token in response content may allow unauthorized access to repositories and APIs.', severity: 'critical' },
+    { id: 615, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_GITHUB_OAUTH_TOKEN, title: 'GitHub OAuth Token Exposed', description: 'Exposure of a GitHub OAuth token in response content may allow unauthorized access to GitHub APIs.', severity: 'critical' },
+    { id: 616, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_GITHUB_APP_TOKEN, title: 'GitHub App Token Exposed', description: 'Exposure of a GitHub App token in response content may allow unauthorized access to GitHub APIs.', severity: 'critical' },
+    { id: 617, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_GITHUB_REFRESH_TOKEN, title: 'GitHub Refresh Token Exposed', description: 'Exposure of a GitHub refresh token in response content may allow long-term unauthorized access.', severity: 'critical' },
+    { id: 618, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_GITLAB_PAT, title: 'GitLab Personal Access Token Exposed', description: 'Exposure of a GitLab personal access token in response content may allow unauthorized access to GitLab APIs.', severity: 'critical' },
+    { id: 619, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_GITLAB_PIPELINE_TOKEN, title: 'GitLab Pipeline Token Exposed', description: 'Exposure of a GitLab pipeline trigger token in response content may allow unauthorized pipeline execution.', severity: 'critical' },
+    { id: 620, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_AZURE_STORAGE_ACCOUNT_KEY, title: 'Azure Storage Account Key Exposed', description: 'Exposure of an Azure Storage account key in response content may allow unauthorized access to storage resources.', severity: 'critical' },
+    { id: 621, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_STRIPE_SECRET_KEY, title: 'Stripe Secret Key Exposed', description: 'Exposure of a Stripe secret key in response content may allow unauthorized payment operations.', severity: 'critical' },
+    { id: 622, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_STRIPE_PUBLISHABLE_KEY, title: 'Stripe Publishable Key Exposed', description: 'Exposure of a Stripe publishable key in response content may allow public API usage and metadata exposure.', severity: 'medium' },
+    { id: 623, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_STRIPE_RESTRICTED_KEY, title: 'Stripe Restricted Key Exposed', description: 'Exposure of a Stripe restricted key in response content may allow unauthorized access to restricted Stripe APIs.', severity: 'critical' },
+    { id: 624, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_SLACK_TOKEN, title: 'Slack Token Exposed', description: 'Exposure of a Slack token in response content may allow unauthorized access to Slack workspaces.', severity: 'critical' },
+    { id: 625, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_SLACK_WEBHOOK, title: 'Slack Webhook Exposed', description: 'Exposure of a Slack webhook URL in response content may allow unauthorized message posting.', severity: 'high' },
+    { id: 626, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_DISCORD_BOT_TOKEN, title: 'Discord Bot Token Exposed', description: 'Exposure of a Discord bot token in response content may allow unauthorized bot control.', severity: 'critical' },
+    { id: 627, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_DISCORD_WEBHOOK, title: 'Discord Webhook Exposed', description: 'Exposure of a Discord webhook URL in response content may allow unauthorized message posting.', severity: 'high' },
+    { id: 628, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_TWILIO_ACCOUNT_SID, title: 'Twilio Account SID Exposed', description: 'Exposure of a Twilio Account SID in response content may allow account enumeration or targeted attacks.', severity: 'high' },
+    { id: 629, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_SENDGRID_API_KEY, title: 'SendGrid API Key Exposed', description: 'Exposure of a SendGrid API key in response content may allow unauthorized email sending.', severity: 'critical' },
+    { id: 630, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_MAILGUN_API_KEY, title: 'Mailgun API Key Exposed', description: 'Exposure of a Mailgun API key in response content may allow unauthorized email sending.', severity: 'critical' },
+    { id: 631, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_MAILCHIMP_API_KEY, title: 'Mailchimp API Key Exposed', description: 'Exposure of a Mailchimp API key in response content may allow unauthorized access to marketing data.', severity: 'critical' },
+    { id: 632, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_NPM_TOKEN, title: 'NPM Token Exposed', description: 'Exposure of an NPM access token in response content may allow unauthorized package publication or access.', severity: 'critical' },
+    { id: 633, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_PYPI_TOKEN, title: 'PyPI Token Exposed', description: 'Exposure of a PyPI API token in response content may allow unauthorized package publication or access.', severity: 'critical' },
+    { id: 634, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_RSA_PRIVATE_KEY, title: 'RSA Private Key Exposed', description: 'Exposure of an RSA private key in response content may allow unauthorized decryption or authentication.', severity: 'critical' },
+    { id: 635, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_OPENSSH_PRIVATE_KEY, title: 'OpenSSH Private Key Exposed', description: 'Exposure of an OpenSSH private key in response content may allow unauthorized server access.', severity: 'critical' },
+    { id: 636, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_DSA_PRIVATE_KEY, title: 'DSA Private Key Exposed', description: 'Exposure of a DSA private key in response content may allow unauthorized decryption or authentication.', severity: 'critical' },
+    { id: 637, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_EC_PRIVATE_KEY, title: 'EC Private Key Exposed', description: 'Exposure of an EC private key in response content may allow unauthorized decryption or authentication.', severity: 'critical' },
+    { id: 638, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_PGP_PRIVATE_KEY, title: 'PGP Private Key Exposed', description: 'Exposure of a PGP private key in response content may allow unauthorized decryption or signing.', severity: 'critical' },
+    { id: 639, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_ENCRYPTED_PRIVATE_KEY, title: 'Encrypted Private Key Exposed', description: 'Exposure of an encrypted private key in response content may allow offline brute force and key recovery.', severity: 'critical' },
+    { id: 640, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_MONGODB_URI, title: 'MongoDB Connection String Exposed', description: 'Exposure of a MongoDB connection string in response content may allow unauthorized database access.', severity: 'critical' },
+    { id: 641, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_POSTGRESQL_URI, title: 'PostgreSQL Connection String Exposed', description: 'Exposure of a PostgreSQL connection string in response content may allow unauthorized database access.', severity: 'critical' },
+    { id: 642, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_MYSQL_URI, title: 'MySQL Connection String Exposed', description: 'Exposure of a MySQL connection string in response content may allow unauthorized database access.', severity: 'critical' },
+    { id: 643, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_REDIS_URI, title: 'Redis Connection String Exposed', description: 'Exposure of a Redis connection string in response content may allow unauthorized database access.', severity: 'critical' },
+    { id: 644, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_MSSQL_URI, title: 'MSSQL Connection String Exposed', description: 'Exposure of a Microsoft SQL Server connection string in response content may allow unauthorized database access.', severity: 'critical' },
+    { id: 645, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_DIGITALOCEAN_TOKEN, title: 'DigitalOcean Token Exposed', description: 'Exposure of a DigitalOcean token in response content may allow unauthorized access to cloud resources.', severity: 'critical' },
+    { id: 646, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_ALIBABA_CLOUD_ACCESS_KEY, title: 'Alibaba Cloud Access Key Exposed', description: 'Exposure of an Alibaba Cloud access key in response content may allow unauthorized access to cloud resources.', severity: 'critical' },
+    { id: 647, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_SQUARE_ACCESS_TOKEN, title: 'Square Access Token Exposed', description: 'Exposure of a Square access token in response content may allow unauthorized payment operations.', severity: 'critical' },
+    { id: 648, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_SQUARE_OAUTH_SECRET, title: 'Square OAuth Secret Exposed', description: 'Exposure of a Square OAuth secret in response content may allow unauthorized access to Square APIs.', severity: 'critical' },
+    { id: 649, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_SHOPIFY_ACCESS_TOKEN, title: 'Shopify Access Token Exposed', description: 'Exposure of a Shopify access token in response content may allow unauthorized access to Shopify APIs.', severity: 'critical' },
+    { id: 650, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_SHOPIFY_CUSTOM_APP_TOKEN, title: 'Shopify Custom App Token Exposed', description: 'Exposure of a Shopify custom app token in response content may allow unauthorized access to Shopify APIs.', severity: 'critical' },
+    { id: 651, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_SHOPIFY_PRIVATE_APP_TOKEN, title: 'Shopify Private App Token Exposed', description: 'Exposure of a Shopify private app token in response content may allow unauthorized access to Shopify APIs.', severity: 'critical' },
+    { id: 652, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_SHOPIFY_SHARED_SECRET, title: 'Shopify Shared Secret Exposed', description: 'Exposure of a Shopify shared secret in response content may allow unauthorized access to Shopify integrations.', severity: 'critical' },
+    { id: 653, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_TELEGRAM_BOT_TOKEN, title: 'Telegram Bot Token Exposed', description: 'Exposure of a Telegram bot token in response content may allow unauthorized bot control.', severity: 'critical' },
+    { id: 654, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_OPENAI_API_KEY, title: 'OpenAI API Key Exposed', description: 'Exposure of an OpenAI API key in response content may allow unauthorized API usage.', severity: 'critical' },
+    { id: 655, code: error_codes_js_1.VulnerabilityCode.SENS_DATA_SENTRY_DSN, title: 'Sentry DSN Exposed', description: 'Exposure of a Sentry DSN in response content may allow unauthorized event submission.', severity: 'high' },
+];
+exports.SENSITIVE_DATA_VULNERABILITIES = Object.fromEntries(SENSITIVE_DATA_DEFS.map((def) => ([
+    def.code,
+    {
+        id: def.id,
+        code: def.code,
+        title: def.title,
+        description: def.description,
+        severity: def.severity,
+        levelId: LEVEL_BY_SEVERITY[def.severity],
+        category: 'information_disclosure',
+        scanner: 'sensitive-data',
+        groupName: 'Sensitive Data',
+        cvss: CVSS_BY_SEVERITY[def.severity],
+        cwe: CWE_EXPOSURE,
+        owasp: OWASP_CRYPTO,
+        remediation: REMEDIATION,
+    },
+])));
+exports.default = exports.SENSITIVE_DATA_VULNERABILITIES;

package/dist-cjs/categories/xss.js

@@ -340,4 +340,26 @@ exports.XSS_VULNERABILITIES = {
         ],
         remediation: 'Use v-text instead of v-html for user content. Never compile user input as Vue templates. Use vue-runtime-only build that does not include template compiler. Sanitize mustache syntax.',
     },
+    [error_codes_js_1.VulnerabilityCode.XSS_INSUFFICIENT_OUTPUT_ENCODING]: {
+        id: 415,
+        code: error_codes_js_1.VulnerabilityCode.XSS_INSUFFICIENT_OUTPUT_ENCODING,
+        title: 'Insufficient Output Encoding',
+        description: 'Special characters are reflected without proper encoding in the response. While no direct XSS exploitation was confirmed, the incomplete encoding of characters like quotes, ampersands, or parentheses indicates potential encoding gaps that could lead to vulnerabilities in different contexts.',
+        severity: 'info',
+        levelId: 5,
+        category: 'xss',
+        scanner: 'xss',
+        cvss: {
+            score: 2.6,
+            vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N',
+            severity: 'LOW',
+        },
+        cwe: [
+            { id: 'CWE-116', name: 'Improper Encoding or Escaping of Output', url: 'https://cwe.mitre.org/data/definitions/116.html' },
+        ],
+        owasp: [
+            { id: 'A03:2021', name: 'Injection', url: 'https://owasp.org/Top10/A03_2021-Injection/' },
+        ],
+        remediation: 'Implement comprehensive output encoding for all special characters including <, >, ", \', &, (, ), /, and \\. Use context-aware encoding based on the output location (HTML body, attributes, JavaScript, URL, CSS).',
+    },
 };

package/dist-cjs/compliances/compliance-by-vulnerabilities.js

@@ -7,35 +7,38 @@ const owasp_js_1 = require("./owasp.js");
 const pci_dss_js_1 = require("./pci-dss.js");
 const sans_top_25_js_1 = require("./sans-top-25.js");
 const iso27001_js_1 = require("./iso27001.js");
+const helpers_js_1 = require("./helpers.js");
+const pathInjectionIds = (0, helpers_js_1.idsByCodes)(['PATH_PARAMETER_INJECTION']);
+const uniqueIds = (ids) => Array.from(new Set(ids));
 exports.COMPLIANCE_BY_VULNERABILITIES = [
     {
         id: 3,
         title: 'GDPR',
-        vulnerabilities: [...gdpr_js_1.accessRestrictionIds, ...gdpr_js_1.allAppSecIds, ...gdpr_js_1.authAndCookieIds, ...gdpr_js_1.cryptoPolicyIds, ...gdpr_js_1.infoLeakageIds, ...gdpr_js_1.inputValidationIds, ...gdpr_js_1.outputValidationIds]
+        vulnerabilities: uniqueIds([...gdpr_js_1.accessRestrictionIds, ...gdpr_js_1.allAppSecIds, ...gdpr_js_1.authAndCookieIds, ...gdpr_js_1.cryptoPolicyIds, ...gdpr_js_1.infoLeakageIds, ...gdpr_js_1.inputValidationIds, ...gdpr_js_1.outputValidationIds, ...pathInjectionIds])
     },
     {
         id: 2,
         title: 'HIPAA',
-        vulnerabilities: [hipaa_js_1.accessControlIds, ...hipaa_js_1.allAppSecIds, ...hipaa_js_1.authAndCookieIds, ...hipaa_js_1.cryptoIds, ...hipaa_js_1.integrityIds]
+        vulnerabilities: uniqueIds([...hipaa_js_1.accessControlIds, ...hipaa_js_1.allAppSecIds, ...hipaa_js_1.authAndCookieIds, ...hipaa_js_1.cryptoIds, ...hipaa_js_1.integrityIds, ...pathInjectionIds])
     },
     {
         id: 1,
         title: 'OWASP',
-        vulnerabilities: [...owasp_js_1.owaspA1Ids, ...owasp_js_1.owaspA2Ids, ...owasp_js_1.owaspA3Ids, ...owasp_js_1.owaspA5Ids, ...owasp_js_1.owaspA7Ids, ...owasp_js_1.owaspA8Ids]
+        vulnerabilities: uniqueIds([...owasp_js_1.owaspA1Ids, ...owasp_js_1.owaspA2Ids, ...owasp_js_1.owaspA3Ids, ...owasp_js_1.owaspA5Ids, ...owasp_js_1.owaspA7Ids, ...owasp_js_1.owaspA8Ids, ...pathInjectionIds])
     },
     {
         id: 4,
         title: 'PCI-DSS',
-        vulnerabilities: [...pci_dss_js_1.allAppSecIds, ...pci_dss_js_1.misconfigIds, ...pci_dss_js_1.accessControlIds, ...pci_dss_js_1.cryptoIds, ...pci_dss_js_1.injectionAndXssIds, ...pci_dss_js_1.authAndCookieIds]
+        vulnerabilities: uniqueIds([...pci_dss_js_1.allAppSecIds, ...pci_dss_js_1.misconfigIds, ...pci_dss_js_1.accessControlIds, ...pci_dss_js_1.cryptoIds, ...pci_dss_js_1.injectionAndXssIds, ...pci_dss_js_1.authAndCookieIds, ...pathInjectionIds])
     },
     {
         id: 6,
         title: 'SANS Top 25',
-        vulnerabilities: [...sans_top_25_js_1.authIds, ...sans_top_25_js_1.accessControlIds, ...sans_top_25_js_1.cmdiIds, ...sans_top_25_js_1.deserializationIds, ...sans_top_25_js_1.disclosureIds, ...sans_top_25_js_1.injectionIds, ...sans_top_25_js_1.lfiIds, ...sans_top_25_js_1.sqliIds, ...sans_top_25_js_1.ssrfIds, ...sans_top_25_js_1.sstiIds, ...sans_top_25_js_1.xssIds]
+        vulnerabilities: uniqueIds([...sans_top_25_js_1.authIds, ...sans_top_25_js_1.accessControlIds, ...sans_top_25_js_1.cmdiIds, ...sans_top_25_js_1.deserializationIds, ...sans_top_25_js_1.disclosureIds, ...sans_top_25_js_1.injectionIds, ...sans_top_25_js_1.lfiIds, ...sans_top_25_js_1.sqliIds, ...sans_top_25_js_1.ssrfIds, ...sans_top_25_js_1.sstiIds, ...sans_top_25_js_1.xssIds, ...pathInjectionIds])
     },
     {
         id: 5,
         title: 'ISO 27001',
-        vulnerabilities: [...iso27001_js_1.isoAccessControlIds, ...iso27001_js_1.isoCryptoIds, ...iso27001_js_1.isoOpsSecurityIds, ...iso27001_js_1.isoCommunicationsSecurityIds, ...iso27001_js_1.isoSecureDevelopmentIds, ...iso27001_js_1.isoComplianceIds]
+        vulnerabilities: uniqueIds([...iso27001_js_1.isoAccessControlIds, ...iso27001_js_1.isoCryptoIds, ...iso27001_js_1.isoOpsSecurityIds, ...iso27001_js_1.isoCommunicationsSecurityIds, ...iso27001_js_1.isoSecureDevelopmentIds, ...iso27001_js_1.isoComplianceIds, ...pathInjectionIds])
     }
 ];

package/dist-cjs/compliances/gdpr.js

@@ -5,7 +5,8 @@ const compliance_codes_js_1 = require("../compliance-codes.js");
 const types_js_1 = require("../types.js");
 const helpers_js_1 = require("./helpers.js");
 const authIds = (0, helpers_js_1.idsByCategory)('authentication');
-const injectionIds = (0, helpers_js_1.idsByCategory)('injection');
+const pathInjectionIds = (0, helpers_js_1.idsByCodes)(['PATH_PARAMETER_INJECTION']);
+const injectionIds = (0, helpers_js_1.mergeIds)((0, helpers_js_1.idsByCategory)('injection'), pathInjectionIds);
 const xssIds = (0, helpers_js_1.idsByCategory)('xss');
 const ssrfIds = (0, helpers_js_1.idsByCategory)('ssrf');
 const configIds = (0, helpers_js_1.idsByCategory)('configuration');

package/dist-cjs/compliances/hipaa.js

@@ -5,7 +5,8 @@ const compliance_codes_js_1 = require("../compliance-codes.js");
 const types_js_1 = require("../types.js");
 const helpers_js_1 = require("./helpers.js");
 const authIds = (0, helpers_js_1.idsByCategory)('authentication');
-const injectionIds = (0, helpers_js_1.idsByCategory)('injection');
+const pathInjectionIds = (0, helpers_js_1.idsByCodes)(['PATH_PARAMETER_INJECTION']);
+const injectionIds = (0, helpers_js_1.mergeIds)((0, helpers_js_1.idsByCategory)('injection'), pathInjectionIds);
 const xssIds = (0, helpers_js_1.idsByCategory)('xss');
 const ssrfIds = (0, helpers_js_1.idsByCategory)('ssrf');
 const configIds = (0, helpers_js_1.idsByCategory)('configuration');

package/dist-cjs/compliances/iso27001.js

@@ -5,7 +5,8 @@ const compliance_codes_js_1 = require("../compliance-codes.js");
 const types_js_1 = require("../types.js");
 const helpers_js_1 = require("./helpers.js");
 const authIds = (0, helpers_js_1.idsByCategory)('authentication');
-const injectionIds = (0, helpers_js_1.idsByCategory)('injection');
+const pathInjectionIds = (0, helpers_js_1.idsByCodes)(['PATH_PARAMETER_INJECTION']);
+const injectionIds = (0, helpers_js_1.mergeIds)((0, helpers_js_1.idsByCategory)('injection'), pathInjectionIds);
 const xssIds = (0, helpers_js_1.idsByCategory)('xss');
 const ssrfIds = (0, helpers_js_1.idsByCategory)('ssrf');
 const configIds = (0, helpers_js_1.idsByCategory)('configuration');

package/dist-cjs/compliances/owasp.js

@@ -5,7 +5,8 @@ const compliance_codes_js_1 = require("../compliance-codes.js");
 const types_js_1 = require("../types.js");
 const helpers_js_1 = require("./helpers.js");
 const authIds = (0, helpers_js_1.idsByCategory)('authentication');
-const injectionIds = (0, helpers_js_1.idsByCategory)('injection');
+const pathInjectionIds = (0, helpers_js_1.idsByCodes)(['PATH_PARAMETER_INJECTION']);
+const injectionIds = (0, helpers_js_1.mergeIds)((0, helpers_js_1.idsByCategory)('injection'), pathInjectionIds);
 const xssIds = (0, helpers_js_1.idsByCategory)('xss');
 const ssrfIds = (0, helpers_js_1.idsByCategory)('ssrf');
 const configIds = (0, helpers_js_1.idsByCategory)('configuration');

package/dist-cjs/compliances/pci-dss.js

@@ -5,7 +5,8 @@ const compliance_codes_js_1 = require("../compliance-codes.js");
 const types_js_1 = require("../types.js");
 const helpers_js_1 = require("./helpers.js");
 const authIds = (0, helpers_js_1.idsByCategory)('authentication');
-const injectionIds = (0, helpers_js_1.idsByCategory)('injection');
+const pathInjectionIds = (0, helpers_js_1.idsByCodes)(['PATH_PARAMETER_INJECTION']);
+const injectionIds = (0, helpers_js_1.mergeIds)((0, helpers_js_1.idsByCategory)('injection'), pathInjectionIds);
 const xssIds = (0, helpers_js_1.idsByCategory)('xss');
 const ssrfIds = (0, helpers_js_1.idsByCategory)('ssrf');
 const configIds = (0, helpers_js_1.idsByCategory)('configuration');

package/dist-cjs/compliances/sans-top-25.js

@@ -5,7 +5,7 @@ const compliance_codes_js_1 = require("../compliance-codes.js");
 const types_js_1 = require("../types.js");
 const helpers_js_1 = require("./helpers.js");
 exports.authIds = (0, helpers_js_1.idsByCategory)('authentication');
-exports.injectionIds = (0, helpers_js_1.idsByCategory)('injection');
+exports.injectionIds = (0, helpers_js_1.mergeIds)((0, helpers_js_1.idsByCategory)('injection'), (0, helpers_js_1.idsByCodePrefix)(['PATH_PARAMETER_INJECTION']));
 exports.xssIds = (0, helpers_js_1.idsByCategory)('xss');
 exports.ssrfIds = (0, helpers_js_1.idsByCategory)('ssrf');
 exports.disclosureIds = (0, helpers_js_1.idsByCategory)('information_disclosure');

package/dist-cjs/error-codes.js

@@ -18,6 +18,10 @@ var VulnerabilityCode;
     VulnerabilityCode["SQLI_STACK_BASED"] = "SQLI_STACK_BASED";
     VulnerabilityCode["SQLI_UNION_BASED"] = "SQLI_UNION_BASED";
     // ========================================
+    // PATH INJECTION (PATH_*)
+    // ========================================
+    VulnerabilityCode["PATH_PARAMETER_INJECTION"] = "PATH_PARAMETER_INJECTION";
+    // ========================================
     // CROSS-SITE SCRIPTING (XSS_*)
     // ========================================
     VulnerabilityCode["XSS_REFLECTED"] = "XSS_REFLECTED";
@@ -35,6 +39,7 @@ var VulnerabilityCode;
     VulnerabilityCode["XSS_CSP_BYPASS"] = "XSS_CSP_BYPASS";
     VulnerabilityCode["XSS_TEMPLATE_LITERAL"] = "XSS_TEMPLATE_LITERAL";
     VulnerabilityCode["XSS_MUTATION_BASED"] = "XSS_MUTATION_BASED";
+    VulnerabilityCode["XSS_INSUFFICIENT_OUTPUT_ENCODING"] = "XSS_INSUFFICIENT_OUTPUT_ENCODING";
     // ========================================
     // COMMAND INJECTION (CMDI_*)
     // ========================================
@@ -100,6 +105,7 @@ var VulnerabilityCode;
     VulnerabilityCode["JWT_JKU_INJECTION"] = "JWT_JKU_INJECTION";
     VulnerabilityCode["JWT_EMBEDDED_JWK"] = "JWT_EMBEDDED_JWK";
     VulnerabilityCode["JWT_X5C_INJECTION"] = "JWT_X5C_INJECTION";
+    VulnerabilityCode["AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT"] = "AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT";
     // ========================================
     // OPEN REDIRECT (REDIRECT_*)
     // ========================================
@@ -203,6 +209,7 @@ var VulnerabilityCode;
     VulnerabilityCode["MASSASSIGN_PROTOTYPE_POLLUTION"] = "MASSASSIGN_PROTOTYPE_POLLUTION";
     VulnerabilityCode["MASSASSIGN_ROLE_ESCALATION"] = "MASSASSIGN_ROLE_ESCALATION";
     VulnerabilityCode["MASSASSIGN_HIDDEN_FIELD"] = "MASSASSIGN_HIDDEN_FIELD";
+    VulnerabilityCode["HPP_DUPLICATE_PARAMETER"] = "HPP_DUPLICATE_PARAMETER";
     // ========================================
     // DESERIALIZATION (DESER_*)
     // ========================================
@@ -345,6 +352,57 @@ var VulnerabilityCode;
     VulnerabilityCode["SENS_LOW_SERVERLESS_CONFIG_EXPOSED"] = "SENS_LOW_SERVERLESS_CONFIG_EXPOSED";
     VulnerabilityCode["SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED"] = "SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED";
     // ========================================
+    // SENSITIVE DATA EXPOSURE (SENS_DATA_*)
+    // ========================================
+    VulnerabilityCode["SENS_DATA_AWS_ACCESS_KEY_ID"] = "SENS_DATA_AWS_ACCESS_KEY_ID";
+    VulnerabilityCode["SENS_DATA_AWS_SECRET_ACCESS_KEY"] = "SENS_DATA_AWS_SECRET_ACCESS_KEY";
+    VulnerabilityCode["SENS_DATA_AWS_MWS_AUTH_TOKEN"] = "SENS_DATA_AWS_MWS_AUTH_TOKEN";
+    VulnerabilityCode["SENS_DATA_GOOGLE_API_KEY"] = "SENS_DATA_GOOGLE_API_KEY";
+    VulnerabilityCode["SENS_DATA_GOOGLE_OAUTH_TOKEN"] = "SENS_DATA_GOOGLE_OAUTH_TOKEN";
+    VulnerabilityCode["SENS_DATA_GOOGLE_CLOUD_PRIVATE_KEY_ID"] = "SENS_DATA_GOOGLE_CLOUD_PRIVATE_KEY_ID";
+    VulnerabilityCode["SENS_DATA_GITHUB_PAT"] = "SENS_DATA_GITHUB_PAT";
+    VulnerabilityCode["SENS_DATA_GITHUB_OAUTH_TOKEN"] = "SENS_DATA_GITHUB_OAUTH_TOKEN";
+    VulnerabilityCode["SENS_DATA_GITHUB_APP_TOKEN"] = "SENS_DATA_GITHUB_APP_TOKEN";
+    VulnerabilityCode["SENS_DATA_GITHUB_REFRESH_TOKEN"] = "SENS_DATA_GITHUB_REFRESH_TOKEN";
+    VulnerabilityCode["SENS_DATA_GITLAB_PAT"] = "SENS_DATA_GITLAB_PAT";
+    VulnerabilityCode["SENS_DATA_GITLAB_PIPELINE_TOKEN"] = "SENS_DATA_GITLAB_PIPELINE_TOKEN";
+    VulnerabilityCode["SENS_DATA_AZURE_STORAGE_ACCOUNT_KEY"] = "SENS_DATA_AZURE_STORAGE_ACCOUNT_KEY";
+    VulnerabilityCode["SENS_DATA_STRIPE_SECRET_KEY"] = "SENS_DATA_STRIPE_SECRET_KEY";
+    VulnerabilityCode["SENS_DATA_STRIPE_PUBLISHABLE_KEY"] = "SENS_DATA_STRIPE_PUBLISHABLE_KEY";
+    VulnerabilityCode["SENS_DATA_STRIPE_RESTRICTED_KEY"] = "SENS_DATA_STRIPE_RESTRICTED_KEY";
+    VulnerabilityCode["SENS_DATA_SLACK_TOKEN"] = "SENS_DATA_SLACK_TOKEN";
+    VulnerabilityCode["SENS_DATA_SLACK_WEBHOOK"] = "SENS_DATA_SLACK_WEBHOOK";
+    VulnerabilityCode["SENS_DATA_DISCORD_BOT_TOKEN"] = "SENS_DATA_DISCORD_BOT_TOKEN";
+    VulnerabilityCode["SENS_DATA_DISCORD_WEBHOOK"] = "SENS_DATA_DISCORD_WEBHOOK";
+    VulnerabilityCode["SENS_DATA_TWILIO_ACCOUNT_SID"] = "SENS_DATA_TWILIO_ACCOUNT_SID";
+    VulnerabilityCode["SENS_DATA_SENDGRID_API_KEY"] = "SENS_DATA_SENDGRID_API_KEY";
+    VulnerabilityCode["SENS_DATA_MAILGUN_API_KEY"] = "SENS_DATA_MAILGUN_API_KEY";
+    VulnerabilityCode["SENS_DATA_MAILCHIMP_API_KEY"] = "SENS_DATA_MAILCHIMP_API_KEY";
+    VulnerabilityCode["SENS_DATA_NPM_TOKEN"] = "SENS_DATA_NPM_TOKEN";
+    VulnerabilityCode["SENS_DATA_PYPI_TOKEN"] = "SENS_DATA_PYPI_TOKEN";
+    VulnerabilityCode["SENS_DATA_RSA_PRIVATE_KEY"] = "SENS_DATA_RSA_PRIVATE_KEY";
+    VulnerabilityCode["SENS_DATA_OPENSSH_PRIVATE_KEY"] = "SENS_DATA_OPENSSH_PRIVATE_KEY";
+    VulnerabilityCode["SENS_DATA_DSA_PRIVATE_KEY"] = "SENS_DATA_DSA_PRIVATE_KEY";
+    VulnerabilityCode["SENS_DATA_EC_PRIVATE_KEY"] = "SENS_DATA_EC_PRIVATE_KEY";
+    VulnerabilityCode["SENS_DATA_PGP_PRIVATE_KEY"] = "SENS_DATA_PGP_PRIVATE_KEY";
+    VulnerabilityCode["SENS_DATA_ENCRYPTED_PRIVATE_KEY"] = "SENS_DATA_ENCRYPTED_PRIVATE_KEY";
+    VulnerabilityCode["SENS_DATA_MONGODB_URI"] = "SENS_DATA_MONGODB_URI";
+    VulnerabilityCode["SENS_DATA_POSTGRESQL_URI"] = "SENS_DATA_POSTGRESQL_URI";
+    VulnerabilityCode["SENS_DATA_MYSQL_URI"] = "SENS_DATA_MYSQL_URI";
+    VulnerabilityCode["SENS_DATA_REDIS_URI"] = "SENS_DATA_REDIS_URI";
+    VulnerabilityCode["SENS_DATA_MSSQL_URI"] = "SENS_DATA_MSSQL_URI";
+    VulnerabilityCode["SENS_DATA_DIGITALOCEAN_TOKEN"] = "SENS_DATA_DIGITALOCEAN_TOKEN";
+    VulnerabilityCode["SENS_DATA_ALIBABA_CLOUD_ACCESS_KEY"] = "SENS_DATA_ALIBABA_CLOUD_ACCESS_KEY";
+    VulnerabilityCode["SENS_DATA_SQUARE_ACCESS_TOKEN"] = "SENS_DATA_SQUARE_ACCESS_TOKEN";
+    VulnerabilityCode["SENS_DATA_SQUARE_OAUTH_SECRET"] = "SENS_DATA_SQUARE_OAUTH_SECRET";
+    VulnerabilityCode["SENS_DATA_SHOPIFY_ACCESS_TOKEN"] = "SENS_DATA_SHOPIFY_ACCESS_TOKEN";
+    VulnerabilityCode["SENS_DATA_SHOPIFY_CUSTOM_APP_TOKEN"] = "SENS_DATA_SHOPIFY_CUSTOM_APP_TOKEN";
+    VulnerabilityCode["SENS_DATA_SHOPIFY_PRIVATE_APP_TOKEN"] = "SENS_DATA_SHOPIFY_PRIVATE_APP_TOKEN";
+    VulnerabilityCode["SENS_DATA_SHOPIFY_SHARED_SECRET"] = "SENS_DATA_SHOPIFY_SHARED_SECRET";
+    VulnerabilityCode["SENS_DATA_TELEGRAM_BOT_TOKEN"] = "SENS_DATA_TELEGRAM_BOT_TOKEN";
+    VulnerabilityCode["SENS_DATA_OPENAI_API_KEY"] = "SENS_DATA_OPENAI_API_KEY";
+    VulnerabilityCode["SENS_DATA_SENTRY_DSN"] = "SENS_DATA_SENTRY_DSN";
+    // ========================================
     // CLICKJACKING (CLICK_*)
     // ========================================
     VulnerabilityCode["CLICK_FRAMEABLE"] = "CLICK_FRAMEABLE";

package/dist-cjs/index.js

@@ -5,7 +5,7 @@
  * Exports all vulnerability codes, definitions, and lookup utilities
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.COMPLIANCE_BY_VULNERABILITIES = exports.SCANNER_REGISTRY = exports.CATEGORY_REGISTRY = exports.ISO27001_COMPLIANCE = exports.SANS_TOP_25_COMPLIANCE = exports.PCI_DSS_COMPLIANCE = exports.GDPR_COMPLIANCE = exports.HIPAA_COMPLIANCE = exports.OWASP_COMPLIANCE = exports.VULNERABILITY_REGISTRY = exports.SENSITIVE_PATH_VULNERABILITIES = exports.CONFIG_VULNERABILITIES = exports.AUTH_VULNERABILITIES = exports.SSRF_VULNERABILITIES = exports.XSS_VULNERABILITIES = exports.INJECTION_VULNERABILITIES = exports.VulnerabilityCode = void 0;
+exports.COMPLIANCE_BY_VULNERABILITIES = exports.SCANNER_REGISTRY = exports.CATEGORY_REGISTRY = exports.ISO27001_COMPLIANCE = exports.SANS_TOP_25_COMPLIANCE = exports.PCI_DSS_COMPLIANCE = exports.GDPR_COMPLIANCE = exports.HIPAA_COMPLIANCE = exports.OWASP_COMPLIANCE = exports.VULNERABILITY_REGISTRY = exports.SENSITIVE_DATA_VULNERABILITIES = exports.SENSITIVE_PATH_VULNERABILITIES = exports.CONFIG_VULNERABILITIES = exports.AUTH_VULNERABILITIES = exports.SSRF_VULNERABILITIES = exports.XSS_VULNERABILITIES = exports.INJECTION_VULNERABILITIES = exports.VulnerabilityCode = void 0;
 exports.getVulnerabilityDefinition = getVulnerabilityDefinition;
 exports.getVulnerabilitiesByScanner = getVulnerabilitiesByScanner;
 exports.getVulnerabilitiesByCategory = getVulnerabilitiesByCategory;
@@ -28,6 +28,8 @@ const configuration_js_1 = require("./categories/configuration.js");
 Object.defineProperty(exports, "CONFIG_VULNERABILITIES", { enumerable: true, get: function () { return configuration_js_1.CONFIG_VULNERABILITIES; } });
 const sensitive_paths_js_1 = require("./categories/sensitive-paths.js");
 Object.defineProperty(exports, "SENSITIVE_PATH_VULNERABILITIES", { enumerable: true, get: function () { return sensitive_paths_js_1.SENSITIVE_PATH_VULNERABILITIES; } });
+const sensitive_data_js_1 = require("./categories/sensitive-data.js");
+Object.defineProperty(exports, "SENSITIVE_DATA_VULNERABILITIES", { enumerable: true, get: function () { return sensitive_data_js_1.SENSITIVE_DATA_VULNERABILITIES; } });
 const category_js_1 = require("./category.js");
 Object.defineProperty(exports, "CATEGORY_REGISTRY", { enumerable: true, get: function () { return category_js_1.CATEGORY_REGISTRY; } });
 const scanner_js_1 = require("./scanner.js");

package/dist-cjs/registry.js

@@ -7,6 +7,7 @@ const ssrf_js_1 = require("./categories/ssrf.js");
 const authentication_js_1 = require("./categories/authentication.js");
 const configuration_js_1 = require("./categories/configuration.js");
 const sensitive_paths_js_1 = require("./categories/sensitive-paths.js");
+const sensitive_data_js_1 = require("./categories/sensitive-data.js");
 /**
  * Complete vulnerability registry combining all categories.
  * Kept in a standalone module to avoid circular imports with compliances.
@@ -68,6 +69,7 @@ exports.VULNERABILITY_REGISTRY = Object.fromEntries(Object.entries({
     ...authentication_js_1.AUTH_VULNERABILITIES,
     ...configuration_js_1.CONFIG_VULNERABILITIES,
     ...sensitive_paths_js_1.SENSITIVE_PATH_VULNERABILITIES,
+    ...sensitive_data_js_1.SENSITIVE_DATA_VULNERABILITIES,
 }).map(([code, definition]) => ([
     code,
     {

package/dist-cjs/scanner.js

@@ -16,6 +16,7 @@ exports.SCANNER_REGISTRY = {
     "redirect-route": { title: "Redirect Route" },
     "security-headers": { title: "Security Headers" },
     "sensitive-path-scout": { title: "Sensitive Path Scout" },
+    "sensitive-data": { title: "Sensitive Data Detection" },
     "sql-injection": { title: "SQL Injection" },
     "ssrf": { title: "SSRF" },
     "ssti": { title: "SSTI" },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zerothreatai/vulnerability-registry",
-  "version": "9.0.5",
+  "version": "9.0.7",
   "description": "Centralized vulnerability definitions, CVSS scores, and references for ZeroThreat scanners",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/categories/authentication.ts

@@ -385,11 +385,11 @@ export const AUTH_VULNERABILITIES: Record<string, VulnerabilityDefinitionInput>
         remediation: 'Reject embedded JWKs from tokens unless explicitly required and validated against a trusted key set. Use pinned keys and strict header validation.',
     },
 
-    [VulnerabilityCode.JWT_X5C_INJECTION]: {
-        id: 116,
-        code: VulnerabilityCode.JWT_X5C_INJECTION,
-        title: 'JWT X5C Header Injection',
-        description: 'JWT x5c header injection vulnerability where attackers provide an untrusted certificate chain, allowing them to influence key selection or bypass signature validation if certificate trust is not strictly enforced.',
+    [VulnerabilityCode.JWT_X5C_INJECTION]: {
+        id: 116,
+        code: VulnerabilityCode.JWT_X5C_INJECTION,
+        title: 'JWT X5C Header Injection',
+        description: 'JWT x5c header injection vulnerability where attackers provide an untrusted certificate chain, allowing them to influence key selection or bypass signature validation if certificate trust is not strictly enforced.',
         severity: 'high',
         levelId: 2,
         category: 'authentication',
@@ -404,9 +404,32 @@ export const AUTH_VULNERABILITIES: Record<string, VulnerabilityDefinitionInput>
         ],
         owasp: [
             { id: 'A07:2021', name: 'Identification and Authentication Failures', url: 'https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/' },
-        ],
-        remediation: 'Ignore untrusted x5c headers or validate certificate chains against a trusted root store with strict policy. Prefer pinned public keys or JWKS allowlists.',
-    },
-};
-
-export default AUTH_VULNERABILITIES;
+        ],
+        remediation: 'Ignore untrusted x5c headers or validate certificate chains against a trusted root store with strict policy. Prefer pinned public keys or JWKS allowlists.',
+    },
+
+    [VulnerabilityCode.AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT]: {
+        id: 117,
+        code: VulnerabilityCode.AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT,
+        title: 'Session Remains Valid After Logout',
+        description: 'Application logout does not invalidate the authenticated server-side session or token. A previously captured authenticated session can be replayed after logout to regain access to protected functionality, allowing attackers with stolen or fixed session material to continue operating as the victim.',
+        severity: 'high',
+        levelId: 2,
+        category: 'authentication',
+        scanner: 'session-invalidation',
+        cvss: {
+            score: 7.1,
+            vector: 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N',
+            severity: 'HIGH',
+        },
+        cwe: [
+            { id: 'CWE-613', name: 'Insufficient Session Expiration', url: 'https://cwe.mitre.org/data/definitions/613.html' },
+        ],
+        owasp: [
+            { id: 'A07:2021', name: 'Identification and Authentication Failures', url: 'https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/' },
+        ],
+        remediation: 'Invalidate sessions and tokens server-side during logout. Rotate session identifiers after login and privilege changes. Ensure logout revokes all session artifacts that can restore authenticated access, including cookies and browser storage tokens.',
+    },
+};
+
+export default AUTH_VULNERABILITIES;