explainx.ainewsletter3.4k
Productivity

top-100-web-vulnerabilities-reference

davila7/claude-code-templates · updated Apr 8, 2026

MDX-style export adds YAML metadata + attribution linking explainx.ai and this canonical listing URL.

$npx skills add https://github.com/davila7/claude-code-templates --skill top-100-web-vulnerabilities-reference
0 commentsdiscussion
summary

Provide a comprehensive, structured reference for the 100 most critical web application vulnerabilities organized by category. This skill enables systematic vulnerability identification, impact assessment, and remediation guidance across the full spectrum of web security threats. Content organized into 15 major vulnerability categories aligned with industry standards and real-world attack patterns.

skill.md

Top 100 Web Vulnerabilities Reference

Purpose

Provide a comprehensive, structured reference for the 100 most critical web application vulnerabilities organized by category. This skill enables systematic vulnerability identification, impact assessment, and remediation guidance across the full spectrum of web security threats. Content organized into 15 major vulnerability categories aligned with industry standards and real-world attack patterns.

Prerequisites

  • Basic understanding of web application architecture (client-server model, HTTP protocol)
  • Familiarity with common web technologies (HTML, JavaScript, SQL, XML, APIs)
  • Understanding of authentication and authorization concepts
  • Access to web application security testing tools (Burp Suite, OWASP ZAP)
  • Knowledge of secure coding principles recommended

Outputs and Deliverables

  • Complete vulnerability catalog with definitions, root causes, impacts, and mitigations
  • Category-based vulnerability groupings for systematic assessment
  • Quick reference for security testing and remediation
  • Foundation for vulnerability assessment checklists and security policies

Core Workflow

Phase 1: Injection Vulnerabilities Assessment

Evaluate injection attack vectors targeting data processing components:

SQL Injection (1)

  • Definition: Malicious SQL code inserted into input fields to manipulate database queries
  • Root Cause: Lack of input validation, improper use of parameterized queries
  • Impact: Unauthorized data access, data manipulation, database compromise
  • Mitigation: Use parameterized queries/prepared statements, input validation, least privilege database accounts

Cross-Site Scripting - XSS (2)

  • Definition: Injection of malicious scripts into web pages viewed by other users
  • Root Cause: Insufficient output encoding, lack of input sanitization
  • Impact: Session hijacking, credential theft, website defacement
  • Mitigation: Output encoding, Content Security Policy (CSP), input sanitization

Command Injection (5, 11)

  • Definition: Execution of arbitrary system commands through vulnerable applications
  • Root Cause: Unsanitized user input passed to system shells
  • Impact: Full system compromise, data exfiltration, lateral movement
  • Mitigation: Avoid shell execution, whitelist valid commands, strict input validation

XML Injection (6), LDAP Injection (7), XPath Injection (8)

  • Definition: Manipulation of XML/LDAP/XPath queries through malicious input
  • Root Cause: Improper input handling in query construction
  • Impact: Data exposure, authentication bypass, information disclosure
  • Mitigation: Input validation, parameterized queries, escape special characters

Server-Side Template Injection - SSTI (13)

  • Definition: Injection of malicious code into template engines
  • Root Cause: User input embedded directly in template expressions
  • Impact: Remote code execution, server compromise
  • Mitigation: Sandbox template engines, avoid user input in templates, strict input validation

Phase 2: Authentication and Session Security

Assess authentication mechanism weaknesses:

Session Fixation (14)

  • Definition: Attacker sets victim's session ID before authentication
  • Root Cause: Session ID not regenerated after login
  • Impact: Session hijacking, unauthorized account access
  • Mitigation: Regenerate session ID on authentication, use secure session management

Brute Force Attack (15)

  • Definition: Systematic password guessing using automated tools
  • Root Cause: Lack of account lockout, rate limiting, or CAPTCHA
  • Impact: Unauthorized access, credential compromise
  • Mitigation: Account lockout policies, rate limiting, MFA, CAPTCHA

Session Hijacking (16)

  • Definition: Attacker steals or predicts valid session tokens
  • Root Cause: Weak session token generation, insecure transmission
  • Impact: Account takeover, unauthorized access
  • Mitigation: Secure random token generation, HTTPS, HttpOnly/Secure cookie flags

Credential Stuffing and Reuse (22)

  • Definition: Using leaked credentials to access accounts across services
  • Root Cause: Users reusing passwords, no breach detection
  • Impact: Mass account compromise, data breaches
  • Mitigation: MFA, breach password checks, unique credential requirements

Insecure "Remember Me" Functionality (85)

  • Definition: Weak persistent authentication token implementation
  • Root Cause: Predictable tokens, inadequate expiration controls
  • Impact: Unauthorized persistent access, session compromise
  • Mitigation: Strong token generation, proper expiration, secure storage

CAPTCHA Bypass (86)

  • Definition: Circumventing bot detection mechanisms
  • Root Cause: Weak CAPTCHA algorithms, improper validation
  • Impact: Automated attacks, credential stuffing, spam
  • Mitigation: reCAPTCHA v3, layered bot detection, rate limiting

Phase 3: Sensitive Data Exposure

Identify data protection failures:

IDOR - Insecure Direct Object References (23, 42)

  • Definition: Direct access to internal objects via user-supplied references
  • Root Cause: Missing authorization checks on object access
  • Impact: Unauthorized data access, privacy breaches
  • Mitigation: Access control validation, indirect reference maps, authorization checks

Data Leakage (24)

  • Definition: Inadvertent disclosure of sensitive information
  • Root Cause: Inadequate data protection, weak access controls
  • Impact: Privacy breaches, regulatory penalties, reputation damage
  • Mitigation: DLP solutions, encryption, access controls, security training

Unencrypted Data Storage (25)

  • Definition: Storing sensitive data without encryption
  • Root Cause: Failure to implement encryption at rest
  • Impact: Data breaches if storage compromised
  • Mitigation: Full-disk encryption, database encryption, secure key management

Information Disclosure (33)

  • Definition: Exposure of system details through error messages or responses
  • Root Cause: Verbose error handling, debug information in production
  • Impact: Reconnaissance for further attacks, credential exposure
  • Mitigation: Generic error messages, disable debug mode, secure logging

Phase 4: Security Misconfiguration

Assess configuration weaknesses:

Missing Security Headers (26)

  • Definition: Absence of protective HTTP headers (CSP, X-Frame-Options, HSTS)
  • Root Cause: Inadequate server configuration
  • Impact: XSS attacks, clickjacking, protocol downgrade
  • Mitigation: Implement CSP, X-Content-Type-Options, X-Frame-Options, HSTS

Default Passwords (28)

  • Definition: Unchanged default credentials on systems/applications
  • Root Cause: Failure to change vendor defaults
  • Impact: Unauthorized access, system compromise
  • Mitigation: Mandatory password changes, strong password policies

Directory Listing (29)

  • Definition: Web server exposes directory contents
  • Root Cause: Improper server configuration
  • Impact: Information disclosure, sensitive file exposure
  • Mitigation: Disable directory indexing, use default index files

Unprotected API Endpoints (30)

  • Definition: APIs lacking authentication or authorization
  • Root Cause: Missing security controls on API routes
  • Impact: Unauthorized data access, API abuse
  • Mitigation: OAuth/API keys, access controls, rate limiting

Open Ports and Services (31)

  • Definition: Unnecessary network services exposed
  • Root Cause: Failure to minimize attack surface
  • Impact: Exploitation of vulnerable services
  • Mitigation: Port scanning audits, firewall rules, service minimization

Misconfigured CORS (35)

  • Definition: Overly permissive Cross-Origin Resource Sharing policies
  • Root Cause: Wildcard origins, improper CORS configuration
  • Impact: Cross-site request attacks, data theft
  • Mitigation: Whitelist trusted origins, validate CORS headers

Unpatched Software (34)

  • Definition: Systems running outdated vulnerable software
  • Root Cause: Neglected patch management
  • Impact: Exploitation of known vulnerabilities
  • Mitigation: Patch management program, vulnerability scanning, automated updates

Phase 5: XML-Related Vulnerabilities

Evaluate XML processing security:

XXE - XML External Entity Injection (37)

  • Definition: Exploitation of XML parsers to access files or internal systems
  • Root Cause: External entity processing enabled
  • Impact: File disclosure, SSRF, denial of service
  • Mitigation: Disable external entities, use safe XML parsers

XEE - XML Entity Expansion (38)

  • Definition: Excessive entity expansion causing resource exhaustion
  • Root Cause: Unlimited entity expansion allowed
  • Impact: Denial of service, parser crashes
  • Mitigation: Limit entity expansion, configure parser restrictions

XML Bomb (Billion Laughs) (39)

  • Definition: Crafted XML with nested entities consuming resources
  • Root Cause: Recursive entity definitions
  • Impact: Memory exhaustion, denial of service
  • Mitigation: Entity expansion limits, input size restrictions

XML Denial of Service (65)

  • Definition: Specially crafted XML causing excessive processing
  • Root Cause: Complex document structures without limits
  • Impact: CPU/memory exhaustion, service unavailability
  • Mitigation: Schema validation, size limits, processing timeouts

Phase 6: Broken Access Control

Assess authorization enforcement:

Inadequate Authorization (40)

  • Definition: Failure to properly enforce access controls
  • Root Cause: Weak authorization policies, missing checks
  • Impact: Unauthorized access to sensitive resources
  • Mitigation: RBAC, centralized IAM, regular access reviews

Privilege Escalation (41)

  • Definition: Gaining elevated access beyond intended permissions
  • Root Cause: Misconfigured permissions, system vulnerabilities
  • Impact: Full system compromise, data manipulation
  • Mitigation: Least privilege, regular patching, privilege monitoring

Forceful Browsing (43)

  • Definition: Direct URL manipulation to access restricted resources
  • Root Cause: Weak access controls, predictable URLs
  • Impact: Unauthorized file/directory access
  • Mitigation: Server-side access controls, unpredictable resource paths

Missing Function-Level Access Control (44)

  • Definition: Unprotected administrative or privileged functions
  • Root Cause: Authorization only at UI level
  • Impact: Unauthorized function execution
  • Mitigation: Server-side authorization for all functions, RBAC

Phase 7: Insecure Deserialization

Evaluate object serialization security:

Remote Code Execution via Deserialization (45)

  • Definition: Arbitrary code execution through malicious serialized objects
  • Root Cause: Untrusted data deserialized without validation
  • Impact: Complete system compromise, code execution
  • Mitigation: Avoid deserializing untrusted data, integrity checks, type validation

Data Tampering (46)

  • Definition: Unauthorized modification of serialized data
  • Root Cause: Missing integrity verification
  • Impact: Data corruption, privilege manipulation
  • Mitigation: Digital signatures, HMAC validation, encryption

Object Injection (47)

  • Definition: Malicious object instantiation during deserialization
  • Root Cause: Unsafe deserialization practices
  • Impact: Code execution, unauthorized access
  • Mitigation: Type restrictions, class whitelisting, secure libraries

Phase 8: API Security Assessment

Evaluate API-specific vulnerabilities:

Insecure API Endpoints (48)

  • Definition: APIs without proper security controls
  • Root Cause: Poor API design, missing authentication
  • Impact: Data breaches, unauthorized access
  • Mitigation: OAuth/JWT, HTTPS, input validation, rate limiting

API Key Exposure (49)

  • Definition: Leaked or exposed API credentials
  • Root Cause: Hardcoded keys, insecure storage
  • Impact: Unauthorized API access, abuse
  • Mitigation: Secure key storage, rotation, environment variables

Lack of Rate Limiting (50)

  • Definition: No controls on API request frequency
  • Root Cause: Missing throttling mechanisms
  • Impact: DoS, API abuse, resource exhaustion
  • Mitigation: Rate limits per user/IP, throttling, DDoS protection

Inadequate Input Validation (51)

  • Definition: APIs accepting unvalidated user input
  • Root Cause: Missing server-side validation
  • Impact: Injection attacks, data corruption
  • Mitigation: Strict validation, parameterized queries, WAF

API Abuse (75)

  • Definition: Exploiting API functionality for malicious purposes
  • Root Cause: Excessive trust in client input
  • Impact: Data theft, account takeover, service abuse
  • Mitigation: Strong authentication, behavior analysis, anomaly detection

Phase 9: Communication Security

Assess transport layer protections:

Man-in-the-Middle Attack (52)

  • Definition: Interception of communication between parties
  • Root Cause: Unencrypted channels, compromised networks
  • Impact: Data theft, session hijacking, impersonation
  • Mitigation: TLS/SSL, certificate pinning, mutual authentication

Insufficient Transport Layer Security (53)

  • Definition: Weak or outdated encryption for data in transit
  • Root Cause: Outdated protocols (SSLv2/3), weak ciphers
  • Impact: Traffic interception, credential theft
  • Mitigation: TLS 1.2+, strong cipher suites, HSTS

Insecure SSL/TLS Configuration (54)

  • Definition: Improperly configured encryption settings
  • Root Cause: Weak ciphers, missing forward secrecy
  • Impact: Traffic decryption, MITM attacks
  • Mitigation: Modern cipher suites, PFS, certificate validation

Insecure Communication Protocols (55)

  • Definition: Use of unencrypted protocols (HTTP, Telnet, FTP)
  • Root Cause: Legacy systems, security unawareness
  • Impact: Traffic sniffing, credential exposure
  • Mitigation: HTTPS, SSH, SFTP, VPN tunnels

Phase 10: Client-Side Vulnerabilities

Evaluate browser-side security:

DOM-based XSS (56)

  • Definition: XSS through client-side JavaScript manipulation
  • Root Cause: Unsafe DOM manipulation with user input
  • Impact: Session theft, credential harvesting
  • Mitigation: Safe DOM APIs, CSP, input sanitization

Insecure Cross-Origin Communication (57)

  • Definition: Improper handling of cross-origin requests
  • Root Cause: Relaxed CORS/SOP policies
  • Impact: Data leakage, CSRF attacks
  • Mitigation: Strict CORS, CSRF tokens, origin validation

Browser Cache Poisoning (58)

  • Definition: Manipulation of cached content
  • Root Cause: Weak cache validation
  • Impact: Malicious content delivery
  • Mitigation: Cache-Control headers, HTTPS, integrity checks

Clickjacking (59, 71)

  • Definition: UI redress attack tricking users into clicking hidden elements
  • Root Cause: Missing frame protection
  • Impact: Unintended actions, credential theft
  • Mitigation: X-Frame-Options, CSP frame-ancestors, frame-busting

HTML5 Security Issues (60)

  • Definition: Vulnerabilities in HTML5 APIs (WebSockets, Storage, Geolocation)
  • Root Cause: Improper API usage, insufficient validation
  • Impact: Data leakage, XSS, privacy violations
  • Mitigation: Secure API usage, input validation, sandboxing

Phase 11: Denial of Service Assessment

Evaluate availability threats:

DDoS - Distributed Denial of Service (61)

  • Definition: Overwhelming systems with traffic from multiple sources
  • Root Cause: Botnets, amplification attacks
  • Impact: Service unavailability, revenue loss
  • Mitigation: DDoS protection services, rate limiting, CDN

Application Layer DoS (62)

  • Definition: Targeting application logic to exhaust resources
  • Root Cause: Inefficient code, resource-intensive operations
  • Impact: Application unavailability, degraded performance
  • Mitigation: Rate limiting, caching, WAF, code optimization

Resource Exhaustion (63)

  • Definition: Depleting CPU, memory, disk, or network resources
  • Root Cause: Inefficient resource management
  • Impact: System crashes, service degradation
  • Mitigation: Resource quotas, monitoring, load balancing

Slowloris Attack (64)

  • Definition: Keeping connections open with partial HTTP requests
  • Root Cause: No connection timeouts
  • Impact: Web server resource exhaustion
  • Mitigation: Connection timeouts, request limits, reverse proxy

Phase 12: Server-Side Request Forgery

Assess SSRF vulnerabilities:

SSRF - Server-Side Request Forgery (66)

  • Definition: Manipulating server to make requests to internal resources
  • Root Cause: Unvalidated user-controlled URLs
  • Impact: Internal network access, data theft, cloud metadata access
  • Mitigation: URL whitelisting, network segmentation, egress filtering

Blind SSRF (87)

  • Definition: SSRF without direct response visibility
  • Root Cause: Similar to SSRF, harder to detect
  • Impact: Data exfiltration, internal reconnaissance
  • Mitigation: Allowlists, WAF, network restrictions

Time-Based Blind SSRF (88)

  • Definition: Inferring SSRF success through response timing
  • Root Cause: Processing delays indicating request outcomes
  • Impact: Prolonged exploitation, detection evasion
  • Mitigation: Request timeouts, anomaly detection, timing monitoring

Phase 13: Additional Web Vulnerabilities

# Vulnerability Root Cause Impact Mitigation
67 HTTP Parameter Pollution Inconsistent parsing Injection, ACL bypass Strict parsing, validation
68 Insecure Redirects Unvalidated targets Phishing, malware Whitelist destinations
69 File Inclusion (LFI/RFI) Unvalidated paths Code exec, disclosure Whitelist files, disable RFI
70 Security Header Bypass Misconfigured headers XSS, clickjacking Proper headers, audits
72 Inadequate Session Timeout Excessive timeouts Session hijacking Idle termination, timeouts
73 Insufficient Logging Missing infrastructure Detection gaps SIEM, alerting
74 Business Logic Flaws Insecure design Fraud, unauthorized ops Threat modeling, testing

Phase 14: Mobile and IoT Security

# Vulnerability Root Cause Impact Mitigation
76 Insecure Mobile Storage Plain text, weak crypto Data theft Keychain/Keystore, encrypt
77 Insecure Mobile Transmission HTTP, cert failures Traffic interception TLS, cert pinning
78 Insecure Mobile APIs Missing auth/validation Data exposure OAuth/JWT, validation
79 App Reverse Engineering Hardcoded creds Credential theft Obfuscation, RASP
80 IoT Management Issues Weak auth, no TLS Device takeover Strong auth, TLS
81 Weak IoT Authentication Default passwords Unauthorized access Unique creds, MFA
82 IoT Vulnerabilities Design flaws, old firmware Botnet recruitment Updates, segmentation
83 Smart Home Access Insecure defaults Privacy invasion MFA, segmentation
84 IoT Privacy Issues Excessive collection Surveillance Data minimization

Phase 15: Advanced and Zero-Day Threats

# Vulnerability Root Cause Impact Mitigation
89 MIME Sniffing Missing headers XSS, spoofing X-Content-Type-Options
91 CSP Bypass Weak config XSS despite CSP Strict CSP, nonces
92 Inconsistent Validation Decentralized logic Control bypass Centralized validation
93 Race Conditions Missing sync Privilege escalation Proper locking
94-95 Business Logic Flaws Missing validation Financial fraud Server-side validation
96 Account Enumeration Different responses Targeted attacks Uniform responses
98-99 Unpatched Vulnerabilities
how to use top-100-web-vulnerabilities-reference

How to use top-100-web-vulnerabilities-reference on Cursor

AI-first code editor with Composer

1

Prerequisites

Before installing skills in Cursor, ensure your development environment meets these requirements:

  • Cursor installed and configured on your development machine
  • Node.js version 16.0+ with npm package manager (verify with node --version)
  • Active project directory or workspace where you want to add top-100-web-vulnerabilities-reference
2

Execute installation command

Execute the skills CLI command in your project's root directory to begin installation:

$npx skills add https://github.com/davila7/claude-code-templates --skill top-100-web-vulnerabilities-reference

The skills CLI fetches top-100-web-vulnerabilities-reference from GitHub repository davila7/claude-code-templates and configures it for Cursor.

3

Select Cursor when prompted

The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor:

◆ Which agents do you want to install to?
│ ── Universal (.agents/skills) ── always included ────
│ • Amp
│ • Antigravity
│ • Cline
│ • Codex
│ ●Cursor(selected)
│ • Cursor
│ • Windsurf
4

Verify installation

Confirm successful installation by checking the skill directory location:

.cursor/skills/top-100-web-vulnerabilities-reference

Reload or restart Cursor to activate top-100-web-vulnerabilities-reference. Access the skill through slash commands (e.g., /top-100-web-vulnerabilities-reference) or your agent's skill management interface.

Security & Verification Notice

We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.

Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment.

Additional Resources

View source code on GitHubSkills CLI documentationLearn more about CursorWhat are agent skills?

List & Monetize Your Skill

Submit your Claude Code skill and start earning

GET_STARTED →

Use Cases

User Story & Requirements Generation

Create detailed user stories, acceptance criteria, and feature specs

Example

Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios

Reduce spec writing time by 50%, ensure comprehensive coverage

Competitive Analysis

Research competitors, compare features, identify gaps

Example

Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities

Complete competitive research in 2 hours instead of 2 days

Roadmap Prioritization

Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs

Example

Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale

Make data-driven prioritization decisions faster

Stakeholder Communication

Draft PRDs, status updates, and stakeholder presentations

Example

Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement

Save 3-5 hours/week on communication overhead

Implementation Guide

Prerequisites

  • Claude Desktop or compatible AI client
  • Access to product documentation and roadmap tools (Jira, Notion, etc.)
  • Understanding of product management frameworks (RICE, Jobs-to-be-Done, etc.)
  • Stakeholder contact information and communication channels

Time Estimate

30-60 minutes to see productivity improvements

Installation Steps

  1. 1.Install product management skill
  2. 2.Start with user story generation for known feature
  3. 3.Progress to competitive analysis: research 2-3 competitors
  4. 4.Use for roadmap prioritization: apply RICE/ICE scoring
  5. 5.Draft stakeholder communications and refine based on feedback
  6. 6.Build template library for recurring PM tasks
  7. 7.Share effective prompts with product team

Common Pitfalls

  • Not validating competitive research—verify facts before sharing
  • Accepting user stories without involving engineering team
  • Over-relying on frameworks without qualitative judgment
  • Not customizing outputs to company culture and communication style
  • Skipping stakeholder validation of generated requirements

Best Practices

✓ Do

  • +Validate research and competitive analysis with real data
  • +Collaborate with engineering when generating technical requirements
  • +Customize frameworks and templates to your company context
  • +Use skill for first drafts, refine with stakeholder input
  • +Document successful prompt patterns for PM tasks
  • +Combine AI efficiency with human judgment and intuition

✗ Don't

  • Don't publish competitive analysis without fact-checking
  • Don't finalize user stories without engineering review
  • Don't make prioritization decisions solely on AI scoring
  • Don't skip customer validation of generated requirements
  • Don't ignore company-specific context and culture

💡 Pro Tips

  • Provide context: company goals, constraints, customer feedback
  • Ask for alternatives: 'Show 3 ways to prioritize this roadmap'
  • Request stakeholder-specific formatting: 'Executive summary vs. engineering spec'
  • Use skill for 70% generation + 30% customization to company needs

When to Use This

✓ Use When

Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.

✗ Avoid When

Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.

Learning Path

  1. 1Basic: user stories, feature specs, status updates
  2. 2Intermediate: competitive analysis, prioritization frameworks, PRDs
  3. 3Advanced: product strategy, go-to-market planning, OKR setting
  4. 4Expert: product vision, market positioning, business model innovation

Discussion

Product Hunt–style comments (not star reviews)
  • No comments yet — start the thread.
general reviews

Ratings

4.744 reviews
  • Luis Jain· Dec 28, 2024

    top-100-web-vulnerabilities-reference has been reliable in day-to-day use. Documentation quality is above average for community skills.

  • Chen Abebe· Dec 28, 2024

    Useful defaults in top-100-web-vulnerabilities-reference — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.

  • Liam Park· Dec 8, 2024

    We added top-100-web-vulnerabilities-reference from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.

  • Ganesh Mohane· Dec 4, 2024

    Useful defaults in top-100-web-vulnerabilities-reference — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.

  • Liam Shah· Nov 27, 2024

    Registry listing for top-100-web-vulnerabilities-reference matched our evaluation — installs cleanly and behaves as described in the markdown.

  • Charlotte Wang· Nov 27, 2024

    Solid pick for teams standardizing on skills: top-100-web-vulnerabilities-reference is focused, and the summary matches what you get after install.

  • Sakshi Patil· Nov 23, 2024

    top-100-web-vulnerabilities-reference is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.

  • Charlotte Li· Nov 19, 2024

    top-100-web-vulnerabilities-reference fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.

  • Liam Wang· Nov 19, 2024

    top-100-web-vulnerabilities-reference is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.

  • Liam Tandon· Oct 18, 2024

    top-100-web-vulnerabilities-reference reduced setup friction for our internal harness; good balance of opinion and flexibility.

showing 1-10 of 44

1 / 5