@zerothreatai/vulnerability-registry 9.0.6 → 9.0.7

package/dist/categories/authentication.js

@@ -388,5 +388,27 @@ export const AUTH_VULNERABILITIES = {
         ],
         remediation: 'Ignore untrusted x5c headers or validate certificate chains against a trusted root store with strict policy. Prefer pinned public keys or JWKS allowlists.',
     },
+    [VulnerabilityCode.AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT]: {
+        id: 117,
+        code: VulnerabilityCode.AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT,
+        title: 'Session Remains Valid After Logout',
+        description: 'Application logout does not invalidate the authenticated server-side session or token. A previously captured authenticated session can be replayed after logout to regain access to protected functionality, allowing attackers with stolen or fixed session material to continue operating as the victim.',
+        severity: 'high',
+        levelId: 2,
+        category: 'authentication',
+        scanner: 'session-invalidation',
+        cvss: {
+            score: 7.1,
+            vector: 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N',
+            severity: 'HIGH',
+        },
+        cwe: [
+            { id: 'CWE-613', name: 'Insufficient Session Expiration', url: 'https://cwe.mitre.org/data/definitions/613.html' },
+        ],
+        owasp: [
+            { id: 'A07:2021', name: 'Identification and Authentication Failures', url: 'https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/' },
+        ],
+        remediation: 'Invalidate sessions and tokens server-side during logout. Rotate session identifiers after login and privilege changes. Ensure logout revokes all session artifacts that can restore authenticated access, including cookies and browser storage tokens.',
+    },
 };
 export default AUTH_VULNERABILITIES;

package/dist/categories/injection.js

@@ -803,5 +803,28 @@ export const INJECTION_VULNERABILITIES = {
         ],
         remediation: 'Validate and constrain path parameters with allowlists or route constraints. Normalize and sanitize path inputs before use. Avoid passing raw path segments into file or query handlers.',
     },
+    [VulnerabilityCode.HPP_DUPLICATE_PARAMETER]: {
+        id: 335,
+        code: VulnerabilityCode.HPP_DUPLICATE_PARAMETER,
+        title: 'HTTP Parameter Pollution',
+        description: 'HTTP parameter pollution vulnerability detected where duplicate query parameter keys trigger behavior distinct from both single-value control requests, indicating inconsistent duplicate-key handling that may enable logic bypasses or validation mismatches across components.',
+        severity: 'medium',
+        levelId: 3,
+        category: 'injection',
+        scanner: 'model-state',
+        groupName: 'HTTP Parameter Pollution',
+        cvss: {
+            score: 5.3,
+            vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N',
+            severity: 'MEDIUM',
+        },
+        cwe: [
+            { id: 'CWE-235', name: 'Improper Handling of Extra Parameters', url: 'https://cwe.mitre.org/data/definitions/235.html' },
+        ],
+        owasp: [
+            { id: 'A04:2021', name: 'Insecure Design', url: 'https://owasp.org/Top10/A04_2021-Insecure_Design/' },
+        ],
+        remediation: 'Reject unexpected duplicate parameters or canonicalize them consistently at the edge. Ensure upstream proxies, frameworks, and application code all apply the same duplicate-key handling rules. Prefer strict allowlists for security-sensitive parameters.',
+    },
 };
 export default INJECTION_VULNERABILITIES;

package/dist/categories/xss.js

@@ -337,4 +337,26 @@ export const XSS_VULNERABILITIES = {
         ],
         remediation: 'Use v-text instead of v-html for user content. Never compile user input as Vue templates. Use vue-runtime-only build that does not include template compiler. Sanitize mustache syntax.',
     },
+    [VulnerabilityCode.XSS_INSUFFICIENT_OUTPUT_ENCODING]: {
+        id: 415,
+        code: VulnerabilityCode.XSS_INSUFFICIENT_OUTPUT_ENCODING,
+        title: 'Insufficient Output Encoding',
+        description: 'Special characters are reflected without proper encoding in the response. While no direct XSS exploitation was confirmed, the incomplete encoding of characters like quotes, ampersands, or parentheses indicates potential encoding gaps that could lead to vulnerabilities in different contexts.',
+        severity: 'info',
+        levelId: 5,
+        category: 'xss',
+        scanner: 'xss',
+        cvss: {
+            score: 2.6,
+            vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N',
+            severity: 'LOW',
+        },
+        cwe: [
+            { id: 'CWE-116', name: 'Improper Encoding or Escaping of Output', url: 'https://cwe.mitre.org/data/definitions/116.html' },
+        ],
+        owasp: [
+            { id: 'A03:2021', name: 'Injection', url: 'https://owasp.org/Top10/A03_2021-Injection/' },
+        ],
+        remediation: 'Implement comprehensive output encoding for all special characters including <, >, ", \', &, (, ), /, and \\. Use context-aware encoding based on the output location (HTML body, attributes, JavaScript, URL, CSS).',
+    },
 };

package/dist/error-codes.d.ts

@@ -26,6 +26,7 @@ export declare enum VulnerabilityCode {
     XSS_CSP_BYPASS = "XSS_CSP_BYPASS",
     XSS_TEMPLATE_LITERAL = "XSS_TEMPLATE_LITERAL",
     XSS_MUTATION_BASED = "XSS_MUTATION_BASED",
+    XSS_INSUFFICIENT_OUTPUT_ENCODING = "XSS_INSUFFICIENT_OUTPUT_ENCODING",
     CMDI_OOB_CONFIRMED = "CMDI_OOB_CONFIRMED",
     CMDI_REFLECTED = "CMDI_REFLECTED",
     CMDI_TIME_BASED = "CMDI_TIME_BASED",
@@ -70,6 +71,7 @@ export declare enum VulnerabilityCode {
     JWT_JKU_INJECTION = "JWT_JKU_INJECTION",
     JWT_EMBEDDED_JWK = "JWT_EMBEDDED_JWK",
     JWT_X5C_INJECTION = "JWT_X5C_INJECTION",
+    AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT = "AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT",
     REDIRECT_HEADER_INJECTION = "REDIRECT_HEADER_INJECTION",
     REDIRECT_META_REFRESH = "REDIRECT_META_REFRESH",
     REDIRECT_JS_NAVIGATION = "REDIRECT_JS_NAVIGATION",
@@ -155,6 +157,7 @@ export declare enum VulnerabilityCode {
     MASSASSIGN_PROTOTYPE_POLLUTION = "MASSASSIGN_PROTOTYPE_POLLUTION",
     MASSASSIGN_ROLE_ESCALATION = "MASSASSIGN_ROLE_ESCALATION",
     MASSASSIGN_HIDDEN_FIELD = "MASSASSIGN_HIDDEN_FIELD",
+    HPP_DUPLICATE_PARAMETER = "HPP_DUPLICATE_PARAMETER",
     DESER_JAVA = "DESER_JAVA",
     DESER_PHP = "DESER_PHP",
     DESER_PYTHON = "DESER_PYTHON",

package/dist/error-codes.js

@@ -36,6 +36,7 @@ export var VulnerabilityCode;
     VulnerabilityCode["XSS_CSP_BYPASS"] = "XSS_CSP_BYPASS";
     VulnerabilityCode["XSS_TEMPLATE_LITERAL"] = "XSS_TEMPLATE_LITERAL";
     VulnerabilityCode["XSS_MUTATION_BASED"] = "XSS_MUTATION_BASED";
+    VulnerabilityCode["XSS_INSUFFICIENT_OUTPUT_ENCODING"] = "XSS_INSUFFICIENT_OUTPUT_ENCODING";
     // ========================================
     // COMMAND INJECTION (CMDI_*)
     // ========================================
@@ -101,6 +102,7 @@ export var VulnerabilityCode;
     VulnerabilityCode["JWT_JKU_INJECTION"] = "JWT_JKU_INJECTION";
     VulnerabilityCode["JWT_EMBEDDED_JWK"] = "JWT_EMBEDDED_JWK";
     VulnerabilityCode["JWT_X5C_INJECTION"] = "JWT_X5C_INJECTION";
+    VulnerabilityCode["AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT"] = "AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT";
     // ========================================
     // OPEN REDIRECT (REDIRECT_*)
     // ========================================
@@ -204,6 +206,7 @@ export var VulnerabilityCode;
     VulnerabilityCode["MASSASSIGN_PROTOTYPE_POLLUTION"] = "MASSASSIGN_PROTOTYPE_POLLUTION";
     VulnerabilityCode["MASSASSIGN_ROLE_ESCALATION"] = "MASSASSIGN_ROLE_ESCALATION";
     VulnerabilityCode["MASSASSIGN_HIDDEN_FIELD"] = "MASSASSIGN_HIDDEN_FIELD";
+    VulnerabilityCode["HPP_DUPLICATE_PARAMETER"] = "HPP_DUPLICATE_PARAMETER";
     // ========================================
     // DESERIALIZATION (DESER_*)
     // ========================================

package/dist-cjs/categories/authentication.js

@@ -391,5 +391,27 @@ exports.AUTH_VULNERABILITIES = {
         ],
         remediation: 'Ignore untrusted x5c headers or validate certificate chains against a trusted root store with strict policy. Prefer pinned public keys or JWKS allowlists.',
     },
+    [error_codes_js_1.VulnerabilityCode.AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT]: {
+        id: 117,
+        code: error_codes_js_1.VulnerabilityCode.AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT,
+        title: 'Session Remains Valid After Logout',
+        description: 'Application logout does not invalidate the authenticated server-side session or token. A previously captured authenticated session can be replayed after logout to regain access to protected functionality, allowing attackers with stolen or fixed session material to continue operating as the victim.',
+        severity: 'high',
+        levelId: 2,
+        category: 'authentication',
+        scanner: 'session-invalidation',
+        cvss: {
+            score: 7.1,
+            vector: 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N',
+            severity: 'HIGH',
+        },
+        cwe: [
+            { id: 'CWE-613', name: 'Insufficient Session Expiration', url: 'https://cwe.mitre.org/data/definitions/613.html' },
+        ],
+        owasp: [
+            { id: 'A07:2021', name: 'Identification and Authentication Failures', url: 'https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/' },
+        ],
+        remediation: 'Invalidate sessions and tokens server-side during logout. Rotate session identifiers after login and privilege changes. Ensure logout revokes all session artifacts that can restore authenticated access, including cookies and browser storage tokens.',
+    },
 };
 exports.default = exports.AUTH_VULNERABILITIES;

package/dist-cjs/categories/injection.js

@@ -806,5 +806,28 @@ exports.INJECTION_VULNERABILITIES = {
         ],
         remediation: 'Validate and constrain path parameters with allowlists or route constraints. Normalize and sanitize path inputs before use. Avoid passing raw path segments into file or query handlers.',
     },
+    [error_codes_js_1.VulnerabilityCode.HPP_DUPLICATE_PARAMETER]: {
+        id: 335,
+        code: error_codes_js_1.VulnerabilityCode.HPP_DUPLICATE_PARAMETER,
+        title: 'HTTP Parameter Pollution',
+        description: 'HTTP parameter pollution vulnerability detected where duplicate query parameter keys trigger behavior distinct from both single-value control requests, indicating inconsistent duplicate-key handling that may enable logic bypasses or validation mismatches across components.',
+        severity: 'medium',
+        levelId: 3,
+        category: 'injection',
+        scanner: 'model-state',
+        groupName: 'HTTP Parameter Pollution',
+        cvss: {
+            score: 5.3,
+            vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N',
+            severity: 'MEDIUM',
+        },
+        cwe: [
+            { id: 'CWE-235', name: 'Improper Handling of Extra Parameters', url: 'https://cwe.mitre.org/data/definitions/235.html' },
+        ],
+        owasp: [
+            { id: 'A04:2021', name: 'Insecure Design', url: 'https://owasp.org/Top10/A04_2021-Insecure_Design/' },
+        ],
+        remediation: 'Reject unexpected duplicate parameters or canonicalize them consistently at the edge. Ensure upstream proxies, frameworks, and application code all apply the same duplicate-key handling rules. Prefer strict allowlists for security-sensitive parameters.',
+    },
 };
 exports.default = exports.INJECTION_VULNERABILITIES;

package/dist-cjs/categories/xss.js

@@ -340,4 +340,26 @@ exports.XSS_VULNERABILITIES = {
         ],
         remediation: 'Use v-text instead of v-html for user content. Never compile user input as Vue templates. Use vue-runtime-only build that does not include template compiler. Sanitize mustache syntax.',
     },
+    [error_codes_js_1.VulnerabilityCode.XSS_INSUFFICIENT_OUTPUT_ENCODING]: {
+        id: 415,
+        code: error_codes_js_1.VulnerabilityCode.XSS_INSUFFICIENT_OUTPUT_ENCODING,
+        title: 'Insufficient Output Encoding',
+        description: 'Special characters are reflected without proper encoding in the response. While no direct XSS exploitation was confirmed, the incomplete encoding of characters like quotes, ampersands, or parentheses indicates potential encoding gaps that could lead to vulnerabilities in different contexts.',
+        severity: 'info',
+        levelId: 5,
+        category: 'xss',
+        scanner: 'xss',
+        cvss: {
+            score: 2.6,
+            vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N',
+            severity: 'LOW',
+        },
+        cwe: [
+            { id: 'CWE-116', name: 'Improper Encoding or Escaping of Output', url: 'https://cwe.mitre.org/data/definitions/116.html' },
+        ],
+        owasp: [
+            { id: 'A03:2021', name: 'Injection', url: 'https://owasp.org/Top10/A03_2021-Injection/' },
+        ],
+        remediation: 'Implement comprehensive output encoding for all special characters including <, >, ", \', &, (, ), /, and \\. Use context-aware encoding based on the output location (HTML body, attributes, JavaScript, URL, CSS).',
+    },
 };

package/dist-cjs/error-codes.js

@@ -39,6 +39,7 @@ var VulnerabilityCode;
     VulnerabilityCode["XSS_CSP_BYPASS"] = "XSS_CSP_BYPASS";
     VulnerabilityCode["XSS_TEMPLATE_LITERAL"] = "XSS_TEMPLATE_LITERAL";
     VulnerabilityCode["XSS_MUTATION_BASED"] = "XSS_MUTATION_BASED";
+    VulnerabilityCode["XSS_INSUFFICIENT_OUTPUT_ENCODING"] = "XSS_INSUFFICIENT_OUTPUT_ENCODING";
     // ========================================
     // COMMAND INJECTION (CMDI_*)
     // ========================================
@@ -104,6 +105,7 @@ var VulnerabilityCode;
     VulnerabilityCode["JWT_JKU_INJECTION"] = "JWT_JKU_INJECTION";
     VulnerabilityCode["JWT_EMBEDDED_JWK"] = "JWT_EMBEDDED_JWK";
     VulnerabilityCode["JWT_X5C_INJECTION"] = "JWT_X5C_INJECTION";
+    VulnerabilityCode["AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT"] = "AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT";
     // ========================================
     // OPEN REDIRECT (REDIRECT_*)
     // ========================================
@@ -207,6 +209,7 @@ var VulnerabilityCode;
     VulnerabilityCode["MASSASSIGN_PROTOTYPE_POLLUTION"] = "MASSASSIGN_PROTOTYPE_POLLUTION";
     VulnerabilityCode["MASSASSIGN_ROLE_ESCALATION"] = "MASSASSIGN_ROLE_ESCALATION";
     VulnerabilityCode["MASSASSIGN_HIDDEN_FIELD"] = "MASSASSIGN_HIDDEN_FIELD";
+    VulnerabilityCode["HPP_DUPLICATE_PARAMETER"] = "HPP_DUPLICATE_PARAMETER";
     // ========================================
     // DESERIALIZATION (DESER_*)
     // ========================================

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zerothreatai/vulnerability-registry",
-  "version": "9.0.6",
+  "version": "9.0.7",
   "description": "Centralized vulnerability definitions, CVSS scores, and references for ZeroThreat scanners",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/categories/authentication.ts

@@ -385,11 +385,11 @@ export const AUTH_VULNERABILITIES: Record<string, VulnerabilityDefinitionInput>
         remediation: 'Reject embedded JWKs from tokens unless explicitly required and validated against a trusted key set. Use pinned keys and strict header validation.',
     },
 
-    [VulnerabilityCode.JWT_X5C_INJECTION]: {
-        id: 116,
-        code: VulnerabilityCode.JWT_X5C_INJECTION,
-        title: 'JWT X5C Header Injection',
-        description: 'JWT x5c header injection vulnerability where attackers provide an untrusted certificate chain, allowing them to influence key selection or bypass signature validation if certificate trust is not strictly enforced.',
+    [VulnerabilityCode.JWT_X5C_INJECTION]: {
+        id: 116,
+        code: VulnerabilityCode.JWT_X5C_INJECTION,
+        title: 'JWT X5C Header Injection',
+        description: 'JWT x5c header injection vulnerability where attackers provide an untrusted certificate chain, allowing them to influence key selection or bypass signature validation if certificate trust is not strictly enforced.',
         severity: 'high',
         levelId: 2,
         category: 'authentication',
@@ -404,9 +404,32 @@ export const AUTH_VULNERABILITIES: Record<string, VulnerabilityDefinitionInput>
         ],
         owasp: [
             { id: 'A07:2021', name: 'Identification and Authentication Failures', url: 'https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/' },
-        ],
-        remediation: 'Ignore untrusted x5c headers or validate certificate chains against a trusted root store with strict policy. Prefer pinned public keys or JWKS allowlists.',
-    },
-};
-
-export default AUTH_VULNERABILITIES;
+        ],
+        remediation: 'Ignore untrusted x5c headers or validate certificate chains against a trusted root store with strict policy. Prefer pinned public keys or JWKS allowlists.',
+    },
+
+    [VulnerabilityCode.AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT]: {
+        id: 117,
+        code: VulnerabilityCode.AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT,
+        title: 'Session Remains Valid After Logout',
+        description: 'Application logout does not invalidate the authenticated server-side session or token. A previously captured authenticated session can be replayed after logout to regain access to protected functionality, allowing attackers with stolen or fixed session material to continue operating as the victim.',
+        severity: 'high',
+        levelId: 2,
+        category: 'authentication',
+        scanner: 'session-invalidation',
+        cvss: {
+            score: 7.1,
+            vector: 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N',
+            severity: 'HIGH',
+        },
+        cwe: [
+            { id: 'CWE-613', name: 'Insufficient Session Expiration', url: 'https://cwe.mitre.org/data/definitions/613.html' },
+        ],
+        owasp: [
+            { id: 'A07:2021', name: 'Identification and Authentication Failures', url: 'https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/' },
+        ],
+        remediation: 'Invalidate sessions and tokens server-side during logout. Rotate session identifiers after login and privilege changes. Ensure logout revokes all session artifacts that can restore authenticated access, including cookies and browser storage tokens.',
+    },
+};
+
+export default AUTH_VULNERABILITIES;

package/src/categories/injection.ts

@@ -840,6 +840,30 @@ export const INJECTION_VULNERABILITIES: Record<string, VulnerabilityDefinitionIn
         ],
         remediation: 'Validate and constrain path parameters with allowlists or route constraints. Normalize and sanitize path inputs before use. Avoid passing raw path segments into file or query handlers.',
     },
+
+    [VulnerabilityCode.HPP_DUPLICATE_PARAMETER]: {
+        id: 335,
+        code: VulnerabilityCode.HPP_DUPLICATE_PARAMETER,
+        title: 'HTTP Parameter Pollution',
+        description: 'HTTP parameter pollution vulnerability detected where duplicate query parameter keys trigger behavior distinct from both single-value control requests, indicating inconsistent duplicate-key handling that may enable logic bypasses or validation mismatches across components.',
+        severity: 'medium',
+        levelId: 3,
+        category: 'injection',
+        scanner: 'model-state',
+        groupName: 'HTTP Parameter Pollution',
+        cvss: {
+            score: 5.3,
+            vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N',
+            severity: 'MEDIUM',
+        },
+        cwe: [
+            { id: 'CWE-235', name: 'Improper Handling of Extra Parameters', url: 'https://cwe.mitre.org/data/definitions/235.html' },
+        ],
+        owasp: [
+            { id: 'A04:2021', name: 'Insecure Design', url: 'https://owasp.org/Top10/A04_2021-Insecure_Design/' },
+        ],
+        remediation: 'Reject unexpected duplicate parameters or canonicalize them consistently at the edge. Ensure upstream proxies, frameworks, and application code all apply the same duplicate-key handling rules. Prefer strict allowlists for security-sensitive parameters.',
+    },
 };
 
 export default INJECTION_VULNERABILITIES;

package/src/categories/xss.ts

@@ -354,4 +354,27 @@ export const XSS_VULNERABILITIES: Record<string, VulnerabilityDefinitionInput> =
         ],
         remediation: 'Use v-text instead of v-html for user content. Never compile user input as Vue templates. Use vue-runtime-only build that does not include template compiler. Sanitize mustache syntax.',
     },
+
+    [VulnerabilityCode.XSS_INSUFFICIENT_OUTPUT_ENCODING]: {
+        id: 415,
+        code: VulnerabilityCode.XSS_INSUFFICIENT_OUTPUT_ENCODING,
+        title: 'Insufficient Output Encoding',
+        description: 'Special characters are reflected without proper encoding in the response. While no direct XSS exploitation was confirmed, the incomplete encoding of characters like quotes, ampersands, or parentheses indicates potential encoding gaps that could lead to vulnerabilities in different contexts.',
+        severity: 'info',
+        levelId: 5,
+        category: 'xss',
+        scanner: 'xss',
+        cvss: {
+            score: 2.6,
+            vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N',
+            severity: 'LOW',
+        },
+        cwe: [
+            { id: 'CWE-116', name: 'Improper Encoding or Escaping of Output', url: 'https://cwe.mitre.org/data/definitions/116.html' },
+        ],
+        owasp: [
+            { id: 'A03:2021', name: 'Injection', url: 'https://owasp.org/Top10/A03_2021-Injection/' },
+        ],
+        remediation: 'Implement comprehensive output encoding for all special characters including <, >, ", \', &, (, ), /, and \\. Use context-aware encoding based on the output location (HTML body, attributes, JavaScript, URL, CSS).',
+    },
 };

package/src/error-codes.ts

@@ -12,17 +12,17 @@ export enum VulnerabilityCode {
     SQLI_ERROR_BASED = 'SQLI_ERROR_BASED',
     SQLI_BOOLEAN_BASED = 'SQLI_BOOLEAN_BASED',
     SQLI_TIME_BASED = 'SQLI_TIME_BASED',
-    SQLI_STACK_BASED = 'SQLI_STACK_BASED',
-    SQLI_UNION_BASED = 'SQLI_UNION_BASED',
-
-    // ========================================
-    // PATH INJECTION (PATH_*)
-    // ========================================
-    PATH_PARAMETER_INJECTION = 'PATH_PARAMETER_INJECTION',
-
-    // ========================================
-    // CROSS-SITE SCRIPTING (XSS_*)
-    // ========================================
+    SQLI_STACK_BASED = 'SQLI_STACK_BASED',
+    SQLI_UNION_BASED = 'SQLI_UNION_BASED',
+
+    // ========================================
+    // PATH INJECTION (PATH_*)
+    // ========================================
+    PATH_PARAMETER_INJECTION = 'PATH_PARAMETER_INJECTION',
+
+    // ========================================
+    // CROSS-SITE SCRIPTING (XSS_*)
+    // ========================================
     XSS_REFLECTED = 'XSS_REFLECTED',
     XSS_STORED = 'XSS_STORED',
     XSS_DOM_BASED = 'XSS_DOM_BASED',
@@ -38,6 +38,7 @@ export enum VulnerabilityCode {
     XSS_CSP_BYPASS = 'XSS_CSP_BYPASS',
     XSS_TEMPLATE_LITERAL = 'XSS_TEMPLATE_LITERAL',
     XSS_MUTATION_BASED = 'XSS_MUTATION_BASED',
+    XSS_INSUFFICIENT_OUTPUT_ENCODING = 'XSS_INSUFFICIENT_OUTPUT_ENCODING',
 
     // ========================================
     // COMMAND INJECTION (CMDI_*)
@@ -106,13 +107,14 @@ export enum VulnerabilityCode {
     JWT_EXPIRED_TOKEN = 'JWT_EXPIRED_TOKEN',
     JWT_MISSING_CLAIMS = 'JWT_MISSING_CLAIMS',
     JWT_CLAIM_TAMPERING = 'JWT_CLAIM_TAMPERING',
-    JWT_KID_INJECTION = 'JWT_KID_INJECTION',
-    JWT_JKU_INJECTION = 'JWT_JKU_INJECTION',
-    JWT_EMBEDDED_JWK = 'JWT_EMBEDDED_JWK',
-    JWT_X5C_INJECTION = 'JWT_X5C_INJECTION',
-
-    // ========================================
-    // OPEN REDIRECT (REDIRECT_*)
+    JWT_KID_INJECTION = 'JWT_KID_INJECTION',
+    JWT_JKU_INJECTION = 'JWT_JKU_INJECTION',
+    JWT_EMBEDDED_JWK = 'JWT_EMBEDDED_JWK',
+    JWT_X5C_INJECTION = 'JWT_X5C_INJECTION',
+    AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT = 'AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT',
+
+    // ========================================
+    // OPEN REDIRECT (REDIRECT_*)
     // ========================================
     REDIRECT_HEADER_INJECTION = 'REDIRECT_HEADER_INJECTION',
     REDIRECT_META_REFRESH = 'REDIRECT_META_REFRESH',
@@ -133,36 +135,36 @@ export enum VulnerabilityCode {
     HEADER_MISSING_HSTS = 'HEADER_MISSING_HSTS',
     HEADER_MISSING_XFRAME = 'HEADER_MISSING_XFRAME',
     HEADER_MISSING_XCONTENT_TYPE = 'HEADER_MISSING_XCONTENT_TYPE',
-    HEADER_MISSING_XSS_PROTECTION = 'HEADER_MISSING_XSS_PROTECTION',
-    HEADER_MISSING_REFERRER_POLICY = 'HEADER_MISSING_REFERRER_POLICY',
-    HEADER_MISSING_PERMISSIONS_POLICY = 'HEADER_MISSING_PERMISSIONS_POLICY',
-    HEADER_WEAK_CSP = 'HEADER_WEAK_CSP',
-    HEADER_CSP_REPORT_ONLY = 'HEADER_CSP_REPORT_ONLY',
-    HEADER_CSP_WEAK_DIRECTIVES = 'HEADER_CSP_WEAK_DIRECTIVES',
-    HEADER_CSP_DATA_URI_SCRIPT = 'HEADER_CSP_DATA_URI_SCRIPT',
-    HEADER_CSP_BLOB_URI_SCRIPT = 'HEADER_CSP_BLOB_URI_SCRIPT',
-    HEADER_CSP_WILDCARD_DEFAULT = 'HEADER_CSP_WILDCARD_DEFAULT',
-    HEADER_CSP_NO_BASE_URI = 'HEADER_CSP_NO_BASE_URI',
-    HEADER_CSP_NO_OBJECT_SRC = 'HEADER_CSP_NO_OBJECT_SRC',
-    HEADER_CSP_NO_FRAME_ANCESTORS = 'HEADER_CSP_NO_FRAME_ANCESTORS',
-    HEADER_CORS_MISCONFIGURED = 'HEADER_CORS_MISCONFIGURED',
-    HEADER_CORS_STAR_WITH_CREDENTIALS = 'HEADER_CORS_STAR_WITH_CREDENTIALS',
-    HEADER_CORS_ORIGIN_REFLECT_NO_VARY = 'HEADER_CORS_ORIGIN_REFLECT_NO_VARY',
-    HEADER_CORS_NULL_ORIGIN = 'HEADER_CORS_NULL_ORIGIN',
-    HEADER_CORS_WILDCARD_SUBDOMAIN = 'HEADER_CORS_WILDCARD_SUBDOMAIN',
-    HEADER_COEP_WITHOUT_COOP = 'HEADER_COEP_WITHOUT_COOP',
-    HEADER_CORP_UNUSUAL = 'HEADER_CORP_UNUSUAL',
-    HEADER_EXPECT_CT_PRESENT = 'HEADER_EXPECT_CT_PRESENT',
-    HEADER_SERVER_HEADER_PRESENT = 'HEADER_SERVER_HEADER_PRESENT',
-    HEADER_X_POWERED_BY_PRESENT = 'HEADER_X_POWERED_BY_PRESENT',
-    HEADER_X_XSS_PROTECTION_ENABLED = 'HEADER_X_XSS_PROTECTION_ENABLED',
-    HEADER_XCONTENT_TYPE_INVALID = 'HEADER_XCONTENT_TYPE_INVALID',
-    HEADER_REFERRER_POLICY_UNSAFE = 'HEADER_REFERRER_POLICY_UNSAFE',
-    HEADER_HSTS_BAD_MAX_AGE = 'HEADER_HSTS_BAD_MAX_AGE',
-    HEADER_HSTS_SHORT_MAX_AGE = 'HEADER_HSTS_SHORT_MAX_AGE',
-    HEADER_HSTS_NO_INCLUDESUBDOMAINS = 'HEADER_HSTS_NO_INCLUDESUBDOMAINS',
-    HEADER_HSTS_PRELOAD_LOW_MAX_AGE = 'HEADER_HSTS_PRELOAD_LOW_MAX_AGE',
-    COOKIE_SAMESITE_NONE_WITHOUT_SECURE = 'COOKIE_SAMESITE_NONE_WITHOUT_SECURE',
+    HEADER_MISSING_XSS_PROTECTION = 'HEADER_MISSING_XSS_PROTECTION',
+    HEADER_MISSING_REFERRER_POLICY = 'HEADER_MISSING_REFERRER_POLICY',
+    HEADER_MISSING_PERMISSIONS_POLICY = 'HEADER_MISSING_PERMISSIONS_POLICY',
+    HEADER_WEAK_CSP = 'HEADER_WEAK_CSP',
+    HEADER_CSP_REPORT_ONLY = 'HEADER_CSP_REPORT_ONLY',
+    HEADER_CSP_WEAK_DIRECTIVES = 'HEADER_CSP_WEAK_DIRECTIVES',
+    HEADER_CSP_DATA_URI_SCRIPT = 'HEADER_CSP_DATA_URI_SCRIPT',
+    HEADER_CSP_BLOB_URI_SCRIPT = 'HEADER_CSP_BLOB_URI_SCRIPT',
+    HEADER_CSP_WILDCARD_DEFAULT = 'HEADER_CSP_WILDCARD_DEFAULT',
+    HEADER_CSP_NO_BASE_URI = 'HEADER_CSP_NO_BASE_URI',
+    HEADER_CSP_NO_OBJECT_SRC = 'HEADER_CSP_NO_OBJECT_SRC',
+    HEADER_CSP_NO_FRAME_ANCESTORS = 'HEADER_CSP_NO_FRAME_ANCESTORS',
+    HEADER_CORS_MISCONFIGURED = 'HEADER_CORS_MISCONFIGURED',
+    HEADER_CORS_STAR_WITH_CREDENTIALS = 'HEADER_CORS_STAR_WITH_CREDENTIALS',
+    HEADER_CORS_ORIGIN_REFLECT_NO_VARY = 'HEADER_CORS_ORIGIN_REFLECT_NO_VARY',
+    HEADER_CORS_NULL_ORIGIN = 'HEADER_CORS_NULL_ORIGIN',
+    HEADER_CORS_WILDCARD_SUBDOMAIN = 'HEADER_CORS_WILDCARD_SUBDOMAIN',
+    HEADER_COEP_WITHOUT_COOP = 'HEADER_COEP_WITHOUT_COOP',
+    HEADER_CORP_UNUSUAL = 'HEADER_CORP_UNUSUAL',
+    HEADER_EXPECT_CT_PRESENT = 'HEADER_EXPECT_CT_PRESENT',
+    HEADER_SERVER_HEADER_PRESENT = 'HEADER_SERVER_HEADER_PRESENT',
+    HEADER_X_POWERED_BY_PRESENT = 'HEADER_X_POWERED_BY_PRESENT',
+    HEADER_X_XSS_PROTECTION_ENABLED = 'HEADER_X_XSS_PROTECTION_ENABLED',
+    HEADER_XCONTENT_TYPE_INVALID = 'HEADER_XCONTENT_TYPE_INVALID',
+    HEADER_REFERRER_POLICY_UNSAFE = 'HEADER_REFERRER_POLICY_UNSAFE',
+    HEADER_HSTS_BAD_MAX_AGE = 'HEADER_HSTS_BAD_MAX_AGE',
+    HEADER_HSTS_SHORT_MAX_AGE = 'HEADER_HSTS_SHORT_MAX_AGE',
+    HEADER_HSTS_NO_INCLUDESUBDOMAINS = 'HEADER_HSTS_NO_INCLUDESUBDOMAINS',
+    HEADER_HSTS_PRELOAD_LOW_MAX_AGE = 'HEADER_HSTS_PRELOAD_LOW_MAX_AGE',
+    COOKIE_SAMESITE_NONE_WITHOUT_SECURE = 'COOKIE_SAMESITE_NONE_WITHOUT_SECURE',
     COOKIE_SESSION_MISSING_SECURE = 'COOKIE_SESSION_MISSING_SECURE',
     COOKIE_MISSING_SECURE = 'COOKIE_MISSING_SECURE',
     COOKIE_SESSION_MISSING_HTTPONLY = 'COOKIE_SESSION_MISSING_HTTPONLY',
@@ -187,41 +189,42 @@ export enum VulnerabilityCode {
     HOST_PASSWORD_RESET = 'HOST_PASSWORD_RESET',
     HOST_REDIRECT = 'HOST_REDIRECT',
 
-    // ========================================
-    // DIRECTORY BROWSING (DIRBROWSE_*)
-    // ========================================
-    DIRBROWSE_GENERIC = 'DIRBROWSE_GENERIC',
-    DIRBROWSE_GENERIC_SENSITIVE = 'DIRBROWSE_GENERIC_SENSITIVE',
-    DIRBROWSE_APACHE = 'DIRBROWSE_APACHE',
-    DIRBROWSE_APACHE_SENSITIVE = 'DIRBROWSE_APACHE_SENSITIVE',
-    DIRBROWSE_NGINX = 'DIRBROWSE_NGINX',
-    DIRBROWSE_NGINX_SENSITIVE = 'DIRBROWSE_NGINX_SENSITIVE',
-    DIRBROWSE_IIS = 'DIRBROWSE_IIS',
-    DIRBROWSE_IIS_SENSITIVE = 'DIRBROWSE_IIS_SENSITIVE',
-    DIRBROWSE_TOMCAT = 'DIRBROWSE_TOMCAT',
-    DIRBROWSE_TOMCAT_SENSITIVE = 'DIRBROWSE_TOMCAT_SENSITIVE',
-    DIRBROWSE_CADDY = 'DIRBROWSE_CADDY',
-    DIRBROWSE_CADDY_SENSITIVE = 'DIRBROWSE_CADDY_SENSITIVE',
-    DIRBROWSE_WEBDAV = 'DIRBROWSE_WEBDAV',
-    DIRBROWSE_WEBDAV_SENSITIVE = 'DIRBROWSE_WEBDAV_SENSITIVE',
-    DIRBROWSE_S3 = 'DIRBROWSE_S3',
-    DIRBROWSE_S3_SENSITIVE = 'DIRBROWSE_S3_SENSITIVE',
-    DIRBROWSE_GCS = 'DIRBROWSE_GCS',
-    DIRBROWSE_GCS_SENSITIVE = 'DIRBROWSE_GCS_SENSITIVE',
-    DIRBROWSE_AZURE_BLOB = 'DIRBROWSE_AZURE_BLOB',
-    DIRBROWSE_AZURE_BLOB_SENSITIVE = 'DIRBROWSE_AZURE_BLOB_SENSITIVE',
-    DIRBROWSE_ENABLED = 'DIRBROWSE_ENABLED',
-    DIRBROWSE_SENSITIVE = 'DIRBROWSE_SENSITIVE',
-
-    // ========================================
-    // MASS ASSIGNMENT (MASSASSIGN_*)
     // ========================================
-    MASSASSIGN_PROTOTYPE_POLLUTION = 'MASSASSIGN_PROTOTYPE_POLLUTION',
-    MASSASSIGN_ROLE_ESCALATION = 'MASSASSIGN_ROLE_ESCALATION',
-    MASSASSIGN_HIDDEN_FIELD = 'MASSASSIGN_HIDDEN_FIELD',
+    // DIRECTORY BROWSING (DIRBROWSE_*)
+    // ========================================
+    DIRBROWSE_GENERIC = 'DIRBROWSE_GENERIC',
+    DIRBROWSE_GENERIC_SENSITIVE = 'DIRBROWSE_GENERIC_SENSITIVE',
+    DIRBROWSE_APACHE = 'DIRBROWSE_APACHE',
+    DIRBROWSE_APACHE_SENSITIVE = 'DIRBROWSE_APACHE_SENSITIVE',
+    DIRBROWSE_NGINX = 'DIRBROWSE_NGINX',
+    DIRBROWSE_NGINX_SENSITIVE = 'DIRBROWSE_NGINX_SENSITIVE',
+    DIRBROWSE_IIS = 'DIRBROWSE_IIS',
+    DIRBROWSE_IIS_SENSITIVE = 'DIRBROWSE_IIS_SENSITIVE',
+    DIRBROWSE_TOMCAT = 'DIRBROWSE_TOMCAT',
+    DIRBROWSE_TOMCAT_SENSITIVE = 'DIRBROWSE_TOMCAT_SENSITIVE',
+    DIRBROWSE_CADDY = 'DIRBROWSE_CADDY',
+    DIRBROWSE_CADDY_SENSITIVE = 'DIRBROWSE_CADDY_SENSITIVE',
+    DIRBROWSE_WEBDAV = 'DIRBROWSE_WEBDAV',
+    DIRBROWSE_WEBDAV_SENSITIVE = 'DIRBROWSE_WEBDAV_SENSITIVE',
+    DIRBROWSE_S3 = 'DIRBROWSE_S3',
+    DIRBROWSE_S3_SENSITIVE = 'DIRBROWSE_S3_SENSITIVE',
+    DIRBROWSE_GCS = 'DIRBROWSE_GCS',
+    DIRBROWSE_GCS_SENSITIVE = 'DIRBROWSE_GCS_SENSITIVE',
+    DIRBROWSE_AZURE_BLOB = 'DIRBROWSE_AZURE_BLOB',
+    DIRBROWSE_AZURE_BLOB_SENSITIVE = 'DIRBROWSE_AZURE_BLOB_SENSITIVE',
+    DIRBROWSE_ENABLED = 'DIRBROWSE_ENABLED',
+    DIRBROWSE_SENSITIVE = 'DIRBROWSE_SENSITIVE',
 
-    // ========================================
-    // DESERIALIZATION (DESER_*)
+    // ========================================
+    // MASS ASSIGNMENT (MASSASSIGN_*)
+    // ========================================
+    MASSASSIGN_PROTOTYPE_POLLUTION = 'MASSASSIGN_PROTOTYPE_POLLUTION',
+    MASSASSIGN_ROLE_ESCALATION = 'MASSASSIGN_ROLE_ESCALATION',
+    MASSASSIGN_HIDDEN_FIELD = 'MASSASSIGN_HIDDEN_FIELD',
+    HPP_DUPLICATE_PARAMETER = 'HPP_DUPLICATE_PARAMETER',
+
+    // ========================================
+    // DESERIALIZATION (DESER_*)
     // ========================================
     DESER_JAVA = 'DESER_JAVA',
     DESER_PHP = 'DESER_PHP',
@@ -285,10 +288,10 @@ export enum VulnerabilityCode {
     SENS_MED_SITEMAP = 'SENS_MED_SITEMAP',
     SENS_MED_CROSSDOMAIN_XML = 'SENS_MED_CROSSDOMAIN_XML',
 
-    // ========================================
-    // SENSITIVE PATH SCOUT - LOW (SENS_LOW_*)
-    // ========================================
-    SENS_LOW_TRAVIS_CI = 'SENS_LOW_TRAVIS_CI',
+    // ========================================
+    // SENSITIVE PATH SCOUT - LOW (SENS_LOW_*)
+    // ========================================
+    SENS_LOW_TRAVIS_CI = 'SENS_LOW_TRAVIS_CI',
     SENS_LOW_JENKINSFILE = 'SENS_LOW_JENKINSFILE',
     SENS_LOW_CIRCLECI = 'SENS_LOW_CIRCLECI',
     SENS_LOW_GITLAB_CI = 'SENS_LOW_GITLAB_CI',
@@ -364,65 +367,65 @@ export enum VulnerabilityCode {
     SENS_LOW_VIM_SWAP_FILE_DETECTED = 'SENS_LOW_VIM_SWAP_FILE_DETECTED',
     SENS_LOW_DIRECTORY_LISTING_ENABLED = 'SENS_LOW_DIRECTORY_LISTING_ENABLED',
     SENS_LOW_AWSSAM_TEMPLATE_EXPOSED = 'SENS_LOW_AWSSAM_TEMPLATE_EXPOSED',
-    SENS_LOW_SERVERLESS_CONFIG_EXPOSED = 'SENS_LOW_SERVERLESS_CONFIG_EXPOSED',
-    SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED = 'SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED',
-
-    // ========================================
-    // SENSITIVE DATA EXPOSURE (SENS_DATA_*)
-    // ========================================
-    SENS_DATA_AWS_ACCESS_KEY_ID = 'SENS_DATA_AWS_ACCESS_KEY_ID',
-    SENS_DATA_AWS_SECRET_ACCESS_KEY = 'SENS_DATA_AWS_SECRET_ACCESS_KEY',
-    SENS_DATA_AWS_MWS_AUTH_TOKEN = 'SENS_DATA_AWS_MWS_AUTH_TOKEN',
-    SENS_DATA_GOOGLE_API_KEY = 'SENS_DATA_GOOGLE_API_KEY',
-    SENS_DATA_GOOGLE_OAUTH_TOKEN = 'SENS_DATA_GOOGLE_OAUTH_TOKEN',
-    SENS_DATA_GOOGLE_CLOUD_PRIVATE_KEY_ID = 'SENS_DATA_GOOGLE_CLOUD_PRIVATE_KEY_ID',
-    SENS_DATA_GITHUB_PAT = 'SENS_DATA_GITHUB_PAT',
-    SENS_DATA_GITHUB_OAUTH_TOKEN = 'SENS_DATA_GITHUB_OAUTH_TOKEN',
-    SENS_DATA_GITHUB_APP_TOKEN = 'SENS_DATA_GITHUB_APP_TOKEN',
-    SENS_DATA_GITHUB_REFRESH_TOKEN = 'SENS_DATA_GITHUB_REFRESH_TOKEN',
-    SENS_DATA_GITLAB_PAT = 'SENS_DATA_GITLAB_PAT',
-    SENS_DATA_GITLAB_PIPELINE_TOKEN = 'SENS_DATA_GITLAB_PIPELINE_TOKEN',
-    SENS_DATA_AZURE_STORAGE_ACCOUNT_KEY = 'SENS_DATA_AZURE_STORAGE_ACCOUNT_KEY',
-    SENS_DATA_STRIPE_SECRET_KEY = 'SENS_DATA_STRIPE_SECRET_KEY',
-    SENS_DATA_STRIPE_PUBLISHABLE_KEY = 'SENS_DATA_STRIPE_PUBLISHABLE_KEY',
-    SENS_DATA_STRIPE_RESTRICTED_KEY = 'SENS_DATA_STRIPE_RESTRICTED_KEY',
-    SENS_DATA_SLACK_TOKEN = 'SENS_DATA_SLACK_TOKEN',
-    SENS_DATA_SLACK_WEBHOOK = 'SENS_DATA_SLACK_WEBHOOK',
-    SENS_DATA_DISCORD_BOT_TOKEN = 'SENS_DATA_DISCORD_BOT_TOKEN',
-    SENS_DATA_DISCORD_WEBHOOK = 'SENS_DATA_DISCORD_WEBHOOK',
-    SENS_DATA_TWILIO_ACCOUNT_SID = 'SENS_DATA_TWILIO_ACCOUNT_SID',
-    SENS_DATA_SENDGRID_API_KEY = 'SENS_DATA_SENDGRID_API_KEY',
-    SENS_DATA_MAILGUN_API_KEY = 'SENS_DATA_MAILGUN_API_KEY',
-    SENS_DATA_MAILCHIMP_API_KEY = 'SENS_DATA_MAILCHIMP_API_KEY',
-    SENS_DATA_NPM_TOKEN = 'SENS_DATA_NPM_TOKEN',
-    SENS_DATA_PYPI_TOKEN = 'SENS_DATA_PYPI_TOKEN',
-    SENS_DATA_RSA_PRIVATE_KEY = 'SENS_DATA_RSA_PRIVATE_KEY',
-    SENS_DATA_OPENSSH_PRIVATE_KEY = 'SENS_DATA_OPENSSH_PRIVATE_KEY',
-    SENS_DATA_DSA_PRIVATE_KEY = 'SENS_DATA_DSA_PRIVATE_KEY',
-    SENS_DATA_EC_PRIVATE_KEY = 'SENS_DATA_EC_PRIVATE_KEY',
-    SENS_DATA_PGP_PRIVATE_KEY = 'SENS_DATA_PGP_PRIVATE_KEY',
-    SENS_DATA_ENCRYPTED_PRIVATE_KEY = 'SENS_DATA_ENCRYPTED_PRIVATE_KEY',
-    SENS_DATA_MONGODB_URI = 'SENS_DATA_MONGODB_URI',
-    SENS_DATA_POSTGRESQL_URI = 'SENS_DATA_POSTGRESQL_URI',
-    SENS_DATA_MYSQL_URI = 'SENS_DATA_MYSQL_URI',
-    SENS_DATA_REDIS_URI = 'SENS_DATA_REDIS_URI',
-    SENS_DATA_MSSQL_URI = 'SENS_DATA_MSSQL_URI',
-    SENS_DATA_DIGITALOCEAN_TOKEN = 'SENS_DATA_DIGITALOCEAN_TOKEN',
-    SENS_DATA_ALIBABA_CLOUD_ACCESS_KEY = 'SENS_DATA_ALIBABA_CLOUD_ACCESS_KEY',
-    SENS_DATA_SQUARE_ACCESS_TOKEN = 'SENS_DATA_SQUARE_ACCESS_TOKEN',
-    SENS_DATA_SQUARE_OAUTH_SECRET = 'SENS_DATA_SQUARE_OAUTH_SECRET',
-    SENS_DATA_SHOPIFY_ACCESS_TOKEN = 'SENS_DATA_SHOPIFY_ACCESS_TOKEN',
-    SENS_DATA_SHOPIFY_CUSTOM_APP_TOKEN = 'SENS_DATA_SHOPIFY_CUSTOM_APP_TOKEN',
-    SENS_DATA_SHOPIFY_PRIVATE_APP_TOKEN = 'SENS_DATA_SHOPIFY_PRIVATE_APP_TOKEN',
-    SENS_DATA_SHOPIFY_SHARED_SECRET = 'SENS_DATA_SHOPIFY_SHARED_SECRET',
-    SENS_DATA_TELEGRAM_BOT_TOKEN = 'SENS_DATA_TELEGRAM_BOT_TOKEN',
-    SENS_DATA_OPENAI_API_KEY = 'SENS_DATA_OPENAI_API_KEY',
-    SENS_DATA_SENTRY_DSN = 'SENS_DATA_SENTRY_DSN',
-
-    // ========================================
-    // CLICKJACKING (CLICK_*)
-    // ========================================
-    CLICK_FRAMEABLE = 'CLICK_FRAMEABLE',
+    SENS_LOW_SERVERLESS_CONFIG_EXPOSED = 'SENS_LOW_SERVERLESS_CONFIG_EXPOSED',
+    SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED = 'SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED',
+
+    // ========================================
+    // SENSITIVE DATA EXPOSURE (SENS_DATA_*)
+    // ========================================
+    SENS_DATA_AWS_ACCESS_KEY_ID = 'SENS_DATA_AWS_ACCESS_KEY_ID',
+    SENS_DATA_AWS_SECRET_ACCESS_KEY = 'SENS_DATA_AWS_SECRET_ACCESS_KEY',
+    SENS_DATA_AWS_MWS_AUTH_TOKEN = 'SENS_DATA_AWS_MWS_AUTH_TOKEN',
+    SENS_DATA_GOOGLE_API_KEY = 'SENS_DATA_GOOGLE_API_KEY',
+    SENS_DATA_GOOGLE_OAUTH_TOKEN = 'SENS_DATA_GOOGLE_OAUTH_TOKEN',
+    SENS_DATA_GOOGLE_CLOUD_PRIVATE_KEY_ID = 'SENS_DATA_GOOGLE_CLOUD_PRIVATE_KEY_ID',
+    SENS_DATA_GITHUB_PAT = 'SENS_DATA_GITHUB_PAT',
+    SENS_DATA_GITHUB_OAUTH_TOKEN = 'SENS_DATA_GITHUB_OAUTH_TOKEN',
+    SENS_DATA_GITHUB_APP_TOKEN = 'SENS_DATA_GITHUB_APP_TOKEN',
+    SENS_DATA_GITHUB_REFRESH_TOKEN = 'SENS_DATA_GITHUB_REFRESH_TOKEN',
+    SENS_DATA_GITLAB_PAT = 'SENS_DATA_GITLAB_PAT',
+    SENS_DATA_GITLAB_PIPELINE_TOKEN = 'SENS_DATA_GITLAB_PIPELINE_TOKEN',
+    SENS_DATA_AZURE_STORAGE_ACCOUNT_KEY = 'SENS_DATA_AZURE_STORAGE_ACCOUNT_KEY',
+    SENS_DATA_STRIPE_SECRET_KEY = 'SENS_DATA_STRIPE_SECRET_KEY',
+    SENS_DATA_STRIPE_PUBLISHABLE_KEY = 'SENS_DATA_STRIPE_PUBLISHABLE_KEY',
+    SENS_DATA_STRIPE_RESTRICTED_KEY = 'SENS_DATA_STRIPE_RESTRICTED_KEY',
+    SENS_DATA_SLACK_TOKEN = 'SENS_DATA_SLACK_TOKEN',
+    SENS_DATA_SLACK_WEBHOOK = 'SENS_DATA_SLACK_WEBHOOK',
+    SENS_DATA_DISCORD_BOT_TOKEN = 'SENS_DATA_DISCORD_BOT_TOKEN',
+    SENS_DATA_DISCORD_WEBHOOK = 'SENS_DATA_DISCORD_WEBHOOK',
+    SENS_DATA_TWILIO_ACCOUNT_SID = 'SENS_DATA_TWILIO_ACCOUNT_SID',
+    SENS_DATA_SENDGRID_API_KEY = 'SENS_DATA_SENDGRID_API_KEY',
+    SENS_DATA_MAILGUN_API_KEY = 'SENS_DATA_MAILGUN_API_KEY',
+    SENS_DATA_MAILCHIMP_API_KEY = 'SENS_DATA_MAILCHIMP_API_KEY',
+    SENS_DATA_NPM_TOKEN = 'SENS_DATA_NPM_TOKEN',
+    SENS_DATA_PYPI_TOKEN = 'SENS_DATA_PYPI_TOKEN',
+    SENS_DATA_RSA_PRIVATE_KEY = 'SENS_DATA_RSA_PRIVATE_KEY',
+    SENS_DATA_OPENSSH_PRIVATE_KEY = 'SENS_DATA_OPENSSH_PRIVATE_KEY',
+    SENS_DATA_DSA_PRIVATE_KEY = 'SENS_DATA_DSA_PRIVATE_KEY',
+    SENS_DATA_EC_PRIVATE_KEY = 'SENS_DATA_EC_PRIVATE_KEY',
+    SENS_DATA_PGP_PRIVATE_KEY = 'SENS_DATA_PGP_PRIVATE_KEY',
+    SENS_DATA_ENCRYPTED_PRIVATE_KEY = 'SENS_DATA_ENCRYPTED_PRIVATE_KEY',
+    SENS_DATA_MONGODB_URI = 'SENS_DATA_MONGODB_URI',
+    SENS_DATA_POSTGRESQL_URI = 'SENS_DATA_POSTGRESQL_URI',
+    SENS_DATA_MYSQL_URI = 'SENS_DATA_MYSQL_URI',
+    SENS_DATA_REDIS_URI = 'SENS_DATA_REDIS_URI',
+    SENS_DATA_MSSQL_URI = 'SENS_DATA_MSSQL_URI',
+    SENS_DATA_DIGITALOCEAN_TOKEN = 'SENS_DATA_DIGITALOCEAN_TOKEN',
+    SENS_DATA_ALIBABA_CLOUD_ACCESS_KEY = 'SENS_DATA_ALIBABA_CLOUD_ACCESS_KEY',
+    SENS_DATA_SQUARE_ACCESS_TOKEN = 'SENS_DATA_SQUARE_ACCESS_TOKEN',
+    SENS_DATA_SQUARE_OAUTH_SECRET = 'SENS_DATA_SQUARE_OAUTH_SECRET',
+    SENS_DATA_SHOPIFY_ACCESS_TOKEN = 'SENS_DATA_SHOPIFY_ACCESS_TOKEN',
+    SENS_DATA_SHOPIFY_CUSTOM_APP_TOKEN = 'SENS_DATA_SHOPIFY_CUSTOM_APP_TOKEN',
+    SENS_DATA_SHOPIFY_PRIVATE_APP_TOKEN = 'SENS_DATA_SHOPIFY_PRIVATE_APP_TOKEN',
+    SENS_DATA_SHOPIFY_SHARED_SECRET = 'SENS_DATA_SHOPIFY_SHARED_SECRET',
+    SENS_DATA_TELEGRAM_BOT_TOKEN = 'SENS_DATA_TELEGRAM_BOT_TOKEN',
+    SENS_DATA_OPENAI_API_KEY = 'SENS_DATA_OPENAI_API_KEY',
+    SENS_DATA_SENTRY_DSN = 'SENS_DATA_SENTRY_DSN',
+
+    // ========================================
+    // CLICKJACKING (CLICK_*)
+    // ========================================
+    CLICK_FRAMEABLE = 'CLICK_FRAMEABLE',
     CLICK_PARTIAL_PROTECTION = 'CLICK_PARTIAL_PROTECTION',
 }