A01: Broken Access Control

Restrictions on authenticated users are not properly enforced

A02: Cryptographic Failures

Failures related to cryptography which often lead to sensitive data exposure

A03: Injection

User-supplied data is not validated, filtered, or sanitized

A04: Insecure Design

Missing or ineffective control design

A05: Security Misconfiguration

Missing appropriate security hardening

A06: Vulnerable Components

Using components with known vulnerabilities

A07: Auth Failures

Authentication and session management implemented incorrectly

A08: Data Integrity Failures

Code and infrastructure that does not protect against integrity violations

A09: Logging Failures

Insufficient logging and monitoring

A10: SSRF

Server-Side Request Forgery flaws