Releases
v1.16
Added
Broken Access Control (BAC) - Bypass of Password Confirmation - Change Password - P4
Sensitive Data Exposure - GraphQL Introspection Enabled - P5
AI Application Security - Training Data Poisoning - Backdoor Injection / Bias Manipulation - P1
AI Application Security - Model Extraction - API Query-Based Model Reconstruction - P1
AI Application Security - Sensitive Information Disclosure - Cross-Tenant PII Leakage/Exposure - P1
AI Application Security - Sensitive Information Disclosure - Key Leak - P1
AI Application Security - Remote Code Execution - Full System Compromise - P1
AI Application Security - Remote Code Execution - Sandboxed Container Code Execution - P2
AI Application Security - Prompt Injection - System Prompt Leakage - P2
AI Application Security - Vector and Embedding Weaknesses - Embedding Exfiltration / Model Extraction - P2
AI Application Security - Vector and Embedding Weaknesses - Semantic Indexing - P3
AI Application Security - Denial-of-Service (DoS) - Application-Wide - P2
AI Application Security - AI Safety - Misinformation / Wrong Factual Data - P4
AI Application Security - Insufficient Rate Limiting - Query Flooding / API Token Abuse - P4
AI Application Security - Denial-of-Service (DoS) - Tenant-Scoped - P4
AI Application Security - Adversarial Example Injection - AI Misclassification Attacks - P4
AI Application Security - Improper Output Handling - Cross-Site Scripting (XSS) - P3
AI Application Security - Improper Output Handling - Markdown/HTML Injection - P4
AI Application Security - Improper Input Handling - ANSI Escape Codes - P5
AI Application Security - Improper Input Handling - Unicode Confusables - P5
AI Application Security - Improper Input Handling - RTL Overrides - P5
Removed
AI Application Security - Large Language Model (LLM) Security - LLM Output Handling - P1
AI Application Security - Large Language Model (LLM) Security - Prompt Injection - P1
AI Application Security - Large Language Model (LLM) Security - Training Data Poisoning - P1
AI Application Security - Large Language Model (LLM) Security - Excessive Agency/Permission Manipulation - P2
Other
Removed CVSS score for VRT entries with 'VARIES' priority, and added default CVSS (0 score) wherever missing.
Fixed 'deprecated-node-mapping.json' file to reflect the correct format and fill in missing values.