Zombie Code Review

ISGroup SRL performed an automated Code Review (not a real Static Analysis, more a grep-on-steroid) of this NodeJS project in order to identify potential security vulnerabilities. We do not guarantee that all the findings are valid, and for sure there are plenty of false-positives and false-negatives (undetected issues) but it's free and your project could benefit from this security analisys. The following data is also available in JSON format!

Possible Security Issues

Issue	Description	Line	File
Username Hardcoded	A hardcoded username in plain text was identified. Store it properly in a config file.	38	test/authentication_test.js
Password Hardcoded	A hardcoded password in plain text was identified. Store it properly in a config file.	39	test/authentication_test.js
Username Hardcoded	A hardcoded username in plain text was identified. Store it properly in a config file.	52	test/authentication_test.js
Password Hardcoded	A hardcoded password in plain text was identified. Store it properly in a config file.	53	test/authentication_test.js
Username Hardcoded	A hardcoded username in plain text was identified. Store it properly in a config file.	95	test/authentication_test.js
Password Hardcoded	A hardcoded password in plain text was identified. Store it properly in a config file.	96	test/authentication_test.js
Weak Hash used - MD5	MD5 is a a weak hash which is known to have collision. Use a strong hashing function.	1151	test/forms_test.js
Weak Hash used - MD5	MD5 is a a weak hash which is known to have collision. Use a strong hashing function.	1195	test/forms_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	48	test/websocket_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	98	test/websocket_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	36	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	54	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	65	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	66	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	68	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	85	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	88	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	103	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	106	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	109	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	131	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	132	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	133	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	148	test/event_loop_test.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	223	test/event_loop_test.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	235	test/event_loop_test.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	249	test/event_loop_test.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	263	test/event_loop_test.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	278	test/event_loop_test.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	300	test/event_loop_test.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	349	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	381	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	481	test/event_loop_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	24	test/event_source_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	43	test/event_source_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	48	test/event_source_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	52	test/event_source_test.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	206	test/document_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	223	test/browser_events_test.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	247	test/browser_events_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	273	test/browser_events_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	128	test/script_test.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	231	test/script_test.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	829	test/scripts/jquery-2.0.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3770	test/scripts/jquery-2.0.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7300	test/scripts/jquery-2.0.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7919	test/scripts/jquery-2.0.1.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	8567	test/scripts/jquery-2.0.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	425	test/scripts/jquery-1.4.4.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	469	test/scripts/jquery-1.4.4.js
Server Side Injection(SSI) - new Function()	User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	581	test/scripts/jquery-1.4.4.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	899	test/scripts/jquery-1.4.4.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1414	test/scripts/jquery-1.4.4.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	6044	test/scripts/jquery-1.4.4.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	6646	test/scripts/jquery-1.4.4.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	425	test/scripts/jquery-1.6.3.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	457	test/scripts/jquery-1.6.3.js
Server Side Injection(SSI) - new Function()	User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	576	test/scripts/jquery-1.6.3.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	947	test/scripts/jquery-1.6.3.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1783	test/scripts/jquery-1.6.3.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1899	test/scripts/jquery-1.6.3.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7419	test/scripts/jquery-1.6.3.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	8343	test/scripts/jquery-1.6.3.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	8469	test/scripts/jquery-1.6.3.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	423	test/scripts/jquery-1.7.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	455	test/scripts/jquery-1.7.1.js
Server Side Injection(SSI) - new Function()	User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	574	test/scripts/jquery-1.7.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	947	test/scripts/jquery-1.7.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1990	test/scripts/jquery-1.7.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2108	test/scripts/jquery-1.7.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7573	test/scripts/jquery-1.7.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	8535	test/scripts/jquery-1.7.1.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	8672	test/scripts/jquery-1.7.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	394	test/scripts/jquery-1.8.0.js
Server Side Injection(SSI) - new Function()	User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	523	test/scripts/jquery-1.8.0.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	851	test/scripts/jquery-1.8.0.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	886	test/scripts/jquery-1.8.0.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1950	test/scripts/jquery-1.8.0.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7759	test/scripts/jquery-1.8.0.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	8308	test/scripts/jquery-1.8.0.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	8386	test/scripts/jquery-1.8.0.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	8959	test/scripts/jquery-1.8.0.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	829	test/scripts/jquery-2.0.3.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3758	test/scripts/jquery-2.0.3.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7294	test/scripts/jquery-2.0.3.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7913	test/scripts/jquery-2.0.3.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	8559	test/scripts/jquery-2.0.3.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	408	test/scripts/jquery-1.5.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	440	test/scripts/jquery-1.5.1.js
Server Side Injection(SSI) - new Function()	User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	552	test/scripts/jquery-1.5.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1079	test/scripts/jquery-1.5.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1724	test/scripts/jquery-1.5.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	6760	test/scripts/jquery-1.5.1.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7780	test/scripts/jquery-1.5.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3	test/scripts/jquery-1.9.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	5	test/scripts/jquery-1.9.1.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	5	test/scripts/jquery-1.9.1.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	273	test/scripts/sammy.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	280	test/scripts/sammy.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1342	test/scripts/sammy.js
Server Side Injection(SSI) - new Function()	User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	992	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2733	test/scripts/angular-1.3.0.js
Key Hardcoded	A hardcoded key in plain text was identified.	4566	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	4745	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	5010	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	5020	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	6033	test/scripts/angular-1.3.0.js
Username Hardcoded	A hardcoded username in plain text was identified. Store it properly in a config file.	9646	test/scripts/angular-1.3.0.js
Username Hardcoded	A hardcoded username in plain text was identified. Store it properly in a config file.	9647	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	9983	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - new Function()	User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	12074	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	12402	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	12438	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	13710	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	13881	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	13882	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	13962	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	13975	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	13992	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	14029	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	20625	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	20908	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	21076	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	21414	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	21423	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	22137	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	23053	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	23082	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	23191	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	23411	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	23430	test/scripts/angular-1.3.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	57	test/replay/maps.gstatic.com/main.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	58	test/replay/maps.gstatic.com/main.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	28	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	29	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	30	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	38	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	49	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	50	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	54	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	56	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	56	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	58	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	58	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	62	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	63	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	63	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	64	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	70	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	71	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	71	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	74	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	74	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	77	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	78	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	78	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	79	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	82	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	84	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	96	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	115	test/replay/connect.facebook.net/all.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	40	src/eventloop.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	85	src/eventloop.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	287	src/eventloop.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	310	src/eventloop.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	411	src/eventloop.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	229	src/document.js
SSRF - Server Side Request Forgery	User controlled data in 'request()'' can result in Server Side Request Forgery (SSRF).	9	src/pipeline.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	128	src/xhr.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	74	src/dom/scripts.js

Issue	Description
Missing Security Header - Content-Security-Policy (CSP)	Content Security Policy (CSP), a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). CSP Header was not found.
Missing Security Header - Strict-Transport-Security (HSTS)	Strict-Transport-Security (HSTS) header enforces secure (HTTP over SSL/TLS) connections to the server.
Infromation Disclosure - X-Powered-By	Remove the X-Powered-By header to prevent information gathering.
Missing Security Header - X-Download-Options: noopen	X-Download-Options header set to noopen prevents IE users from directly opening and executing downloads in your site's context.
Missing Security Header - Public-Key-Pins (HPKP)	Public-Key-Pins (HPKP) ensures that certificate is Pinned.

Node.Security

Security Audit of Zombie