Update security-severity scores

Calum Grant
2021-06-15 13:25:17 +01:00
parent 19305a217a
commit 771e686946
343 changed files with 343 additions and 343 deletions

View File

@@ -3,7 +3,7 @@
* @description Disabling strict contextual escaping (SCE) can cause security vulnerabilities.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 7.8
* @precision very-high
* @id js/angular/disabling-sce
* @tags security
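Review bot: no rationale is recorded for moving this query from 5.9 to 7.8; neither the query header nor the commit message states the vector or the CWE mapping that produced the new number. Consider recording the scoring basis next to the score (for example the CVSS vector string in a comment on the `@security-severity` line), since without it a reviewer cannot tell whether 7.8 was derived for disabling SCE specifically or is the same number applied to every query in a CWE group, which is what the repeated 5.9 to 7.8 changes elsewhere in this patch suggest.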

View File

@@ -4,7 +4,7 @@
* unexpected behavior of directives, performance problems, and memory leaks.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 8.8
* @id js/angular/double-compilation
* @tags reliability
* frameworks/angularjs
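Review bot: this query is tagged `reliability` only (`* @tags reliability`), yet it now carries a security-severity of 8.8, higher than the 6.1 given to the XSS queries in this same change. Its description lists "unexpected behavior of directives, performance problems, and memory leaks", none of which supports an 8.8, and a consumer filtering on the `security` tag will never see the score anyway. Either add `security` to `@tags` with a justification, or leave this query without a security-severity.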

View File

@@ -3,7 +3,7 @@
* @description URL whitelists that are too permissive can cause security vulnerabilities.
* @kind problem
* @problem.severity warning
* @security-severity 6.4
* @security-severity 7.5
* @precision very-high
* @id js/angular/insecure-url-whitelist
* @tags security

View File

@@ -4,7 +4,7 @@
* link type 'noopener' or 'noreferrer' are a potential security risk.
* @kind problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 6.5
* @id js/unsafe-external-link
* @tags maintainability
* security

View File

@@ -3,7 +3,7 @@
* @description Enabling allowRunningInsecureContent can allow remote code execution.
* @kind problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 8.8
* @precision very-high
* @tags security
* frameworks/electron

View File

@@ -3,7 +3,7 @@
* @description Disabling webSecurity can cause critical security vulnerabilities.
* @kind problem
* @problem.severity error
* @security-severity 2.9
* @security-severity 6.1
* @precision very-high
* @tags security
* frameworks/electron
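Review bot: a 6.1 score contradicts the description ("can cause critical security vulnerabilities") and the `error` problem severity. The sibling Electron queries in this patch get 8.8 (`allowRunningInsecureContent`) and 9.3 (`nodeIntegration`), while 6.1 is the number given to the XSS queries; disabling `webSecurity` lifts same-origin enforcement for the whole renderer, so a score in line with the other Electron misconfigurations would be more defensible. If 6.1 is intentional, soften "critical" in the description so the two agree.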

View File

@@ -3,7 +3,7 @@
* @description Enabling `nodeIntegration` or `nodeIntegrationInWorker` can expose the application to remote code execution.
* @kind problem
* @problem.severity warning
* @security-severity 10.0
* @security-severity 9.3
* @precision low
* @id js/enabling-electron-renderer-node-integration
* @tags security

View File

@@ -4,7 +4,7 @@
* to match may be vulnerable to denial-of-service attacks.
* @kind path-problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 7.5
* @precision high
* @id js/polynomial-redos
* @tags security

View File

@@ -5,7 +5,7 @@
* attacks.
* @kind problem
* @problem.severity error
* @security-severity 3.6
* @security-severity 7.5
* @precision high
* @id js/redos
* @tags security

View File

@@ -3,7 +3,7 @@
* @description Replacing a substring with itself has no effect and may indicate a mistake.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 7.8
* @id js/identity-replacement
* @precision very-high
* @tags correctness
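Review bot: 7.8 is hard to justify for a query whose description is "Replacing a substring with itself has no effect and may indicate a mistake" and whose only tag is `correctness`. The identical 5.9 to 7.8 change lands on every string and regex query in this area, which suggests the score was set per CWE group rather than per query; a no-op replacement is a correctness finding, and arguably should carry no security-severity at all rather than one above the XSS queries.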

View File

@@ -3,7 +3,7 @@
* @description Matching a URL or hostname against a regular expression that contains an unescaped dot as part of the hostname might match more hostnames than expected.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 7.8
* @precision high
* @id js/incomplete-hostname-regexp
* @tags correctness

View File

@@ -4,7 +4,7 @@
* and "data:" suggests a logic error or even a security vulnerability.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 7.8
* @precision high
* @id js/incomplete-url-scheme-check
* @tags security

View File

@@ -3,7 +3,7 @@
* @description Security checks on the substrings of an unparsed URL are often vulnerable to bypassing.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 7.8
* @precision high
* @id js/incomplete-url-substring-sanitization
* @tags correctness

View File

@@ -3,7 +3,7 @@
* @description Using indexOf to implement endsWith functionality is error-prone if the -1 case is not explicitly handled.
* @kind problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 7.8
* @precision high
* @id js/incorrect-suffix-check
* @tags security

View File

@@ -3,7 +3,7 @@
* @description Regular expressions without anchors can be vulnerable to bypassing.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 7.8
* @precision medium
* @id js/regex/missing-regexp-anchor
* @tags correctness

View File

@@ -5,7 +5,7 @@
* @kind path-problem
* @precision low
* @problem.severity error
* @security-severity 5.9
* @security-severity 7.8
* @tags security external/cwe/cwe-20
*/
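Review bot: the metadata order in this header differs from the rest of the patch (`@precision` placed before `@problem.severity`, and both tags on a single `@tags security external/cwe/cwe-20` line rather than one per line). Not a blocker, but since this commit already touches every query header it is the cheapest moment to normalise it. The score change itself (5.9 to 7.8) matches the other CWE-20 queries in the change.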

View File

@@ -5,7 +5,7 @@
* behave unexpectedly.
* @kind problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 7.8
* @precision high
* @id js/useless-regexp-character-escape
* @tags correctness

View File

@@ -4,7 +4,7 @@
* unexpected resources.
* @kind path-problem
* @problem.severity error
* @security-severity 6.4
* @security-severity 7.5
* @precision high
* @id js/path-injection
* @tags security

View File

@@ -6,7 +6,7 @@
* @kind path-problem
* @id js/zipslip
* @problem.severity error
* @security-severity 6.4
* @security-severity 7.5
* @precision high
* @tags security
* external/cwe/cwe-022

View File

@@ -3,7 +3,7 @@
* @description Instantiating a template using a user-controlled object is vulnerable to local file read and potential remote code execution.
* @kind path-problem
* @problem.severity error
* @security-severity 10.0
* @security-severity 9.3
* @precision high
* @id js/template-object-injection
* @tags security

View File

@@ -4,7 +4,7 @@
* user to change the meaning of the command.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 9.8
* @precision high
* @id js/command-line-injection
* @tags correctness
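Review bot: this query receives 9.8, the highest score in the patch, but carries only the `correctness` tag, so any consumer that selects on the `security` tag will never surface it. The description ("user to change the meaning of the command") describes a security finding; add `security` to `@tags`. The same mismatch appears on js/indirect-command-line-injection, js/shell-command-injection-from-environment and js/shell-command-constructed-from-input below, which all get 9.8 with `correctness` only.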

View File

@@ -5,7 +5,7 @@
* command-line injection vulnerabilities.
* @kind path-problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 9.8
* @precision medium
* @id js/indirect-command-line-injection
* @tags correctness

View File

@@ -4,7 +4,7 @@
* environment may cause subtle bugs or vulnerabilities.
* @kind path-problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 9.8
* @precision high
* @id js/shell-command-injection-from-environment
* @tags correctness

View File

@@ -4,7 +4,7 @@
* user to change the meaning of the command.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 9.8
* @precision high
* @id js/shell-command-constructed-from-input
* @tags correctness

View File

@@ -3,7 +3,7 @@
* @description Using the `cat` process to read a file is unnecessarily complex, inefficient, unportable, and can lead to subtle bugs, or even security vulnerabilities.
* @kind problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 9.8
* @precision high
* @id js/unnecessary-use-of-cat
* @tags correctness
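Review bot: 9.8 is disproportionate for this query. Its description leads with "unnecessarily complex, inefficient, unportable" and only ends with "or even security vulnerabilities", its tag is `correctness`, and the `problem` kind means it does not track whether the `cat` argument is attacker-controlled. Giving it the same score as js/command-line-injection will let a style finding drown out genuine command injection alerts; a medium score, or no security-severity at all, fits the description better.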

View File

@@ -4,7 +4,7 @@
* can lead to a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity warning
* @security-severity 2.9
* @security-severity 6.1
* @precision high
* @id js/xss-through-exception
* @tags security

View File

@@ -4,7 +4,7 @@
* a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity error
* @security-severity 2.9
* @security-severity 6.1
* @precision high
* @id js/reflected-xss
* @tags security

View File

@@ -4,7 +4,7 @@
* a stored cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity error
* @security-severity 2.9
* @security-severity 6.1
* @precision high
* @id js/stored-xss
* @tags security

View File

@@ -4,7 +4,7 @@
* user to perform a cross-site scripting attack.
* @kind path-problem
* @problem.severity error
* @security-severity 2.9
* @security-severity 6.1
* @precision high
* @id js/html-constructed-from-input
* @tags security

View File

@@ -3,7 +3,7 @@
* @description A jQuery plugin that unintentionally constructs HTML from some of its options may be unsafe to use for clients.
* @kind path-problem
* @problem.severity warning
* @security-severity 2.9
* @security-severity 6.1
* @precision high
* @id js/unsafe-jquery-plugin
* @tags security

View File

@@ -4,7 +4,7 @@
* a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity error
* @security-severity 2.9
* @security-severity 6.1
* @precision high
* @id js/xss
* @tags security

View File

@@ -4,7 +4,7 @@
* can lead to a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity warning
* @security-severity 2.9
* @security-severity 6.1
* @precision high
* @id js/xss-through-dom
* @tags security

View File

@@ -4,7 +4,7 @@
* malicious code by the user.
* @kind path-problem
* @problem.severity error
* @security-severity 6.4
* @security-severity 8.8
* @precision high
* @id js/sql-injection
* @tags security

View File

@@ -4,7 +4,7 @@
* code execution.
* @kind path-problem
* @problem.severity error
* @security-severity 2.9
* @security-severity 6.1
* @precision high
* @id js/code-injection
* @tags security
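Review bot: 6.1 is inconsistent with the description, which ends in "code execution", and with the rest of the patch: js/unsafe-dynamic-method-access ("remote code execution") gets 9.3 and js/unsafe-deserialization ("execute arbitrary code") gets 9.8 here. 6.1 is the number given to the XSS queries, which suggests this was scored as client-side code injection only; if the query also covers server-side sinks, the score should reflect the worse of the two cases.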

View File

@@ -3,7 +3,7 @@
* @description Escaping code as HTML does not provide protection against code injection.
* @kind path-problem
* @problem.severity error
* @security-severity 2.9
* @security-severity 6.1
* @precision high
* @id js/bad-code-sanitization
* @tags security
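Review bot: same concern as for js/code-injection above: "Escaping code as HTML does not provide protection against code injection" describes a code-execution sink, yet the score is the 6.1 XSS number rather than something in line with the 9.3 to 9.8 given to the other code-execution queries in this change. Either score the two code-injection queries together or state why they differ.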

View File

@@ -3,7 +3,7 @@
* @description Invoking user-controlled methods on certain objects can lead to remote code execution.
* @kind path-problem
* @problem.severity error
* @security-severity 10.0
* @security-severity 9.3
* @precision high
* @id js/unsafe-dynamic-method-access
* @tags security

View File

@@ -5,7 +5,7 @@
* and conversely it has to be unescaped last to avoid double-unescaping.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 7.8
* @precision high
* @id js/double-escaping
* @tags correctness

View File

@@ -5,7 +5,7 @@
* scripting vulnerability.
* @kind path-problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 6.1
* @precision high
* @id js/incomplete-html-attribute-sanitization
* @tags security

View File

@@ -3,7 +3,7 @@
* @description A sanitizer that removes a sequence of characters may reintroduce the dangerous sequence.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 7.8
* @precision high
* @id js/incomplete-multi-character-sanitization
* @tags correctness

View File

@@ -4,7 +4,7 @@
* meta-character may be ineffective.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 7.8
* @precision high
* @id js/incomplete-sanitization
* @tags correctness

View File

@@ -4,7 +4,7 @@
* tags may lead to cross-site scripting vulnerabilities.
* @kind problem
* @problem.severity warning
* @security-severity 2.9
* @security-severity 6.1
* @precision very-high
* @id js/unsafe-html-expansion
* @tags correctness

View File

@@ -4,7 +4,7 @@
* insertion of forged log entries by a malicious user.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 7.8
* @precision medium
* @id js/log-injection
* @tags security
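Review bot: 7.8 for log injection outranks reflected and stored XSS (6.1) in this change. As described, "insertion of forged log entries by a malicious user" is an integrity-only impact; unless the query is also meant to cover log-driven code execution, a score below the XSS queries would be more consistent, and `@precision medium` argues for caution as well.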

View File

@@ -3,7 +3,7 @@
* @description Using external input in format strings can lead to garbled output.
* @kind path-problem
* @problem.severity warning
* @security-severity 6.9
* @security-severity 9.3
* @precision high
* @id js/tainted-format-string
* @tags security
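Review bot: the description says the impact is "garbled output", which does not support a 9.3. The score reads as borrowed from native format-string bugs, where the consequence is memory corruption; JavaScript format sinks do not have that property. Either the description undersells what the query finds, or the score overstates it. Make the two agree, and prefer the lower figure unless a JavaScript-specific escalation is documented.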

View File

@@ -3,7 +3,7 @@
* @description Directly sending file data in an outbound network request can indicate unauthorized information disclosure.
* @kind path-problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 6.5
* @precision medium
* @id js/file-access-to-http
* @tags security

View File

@@ -4,7 +4,7 @@
* of private information.
* @kind problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 6.5
* @id js/exposure-of-private-files
* @tags security
* external/cwe/cwe-200

View File

@@ -5,7 +5,7 @@
* information leaks.
* @kind path-problem
* @problem.severity error
* @security-severity 1.4
* @security-severity 4.3
* @precision high
* @id js/cross-window-information-leak
* @tags security

View File

@@ -5,7 +5,7 @@
* to an attacker for developing a subsequent exploit.
* @kind path-problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 5.4
* @precision very-high
* @id js/stack-trace-exposure
* @tags security

View File

@@ -3,7 +3,7 @@
* @description Disabling cryptographic certificate validation can cause security vulnerabilities.
* @kind problem
* @problem.severity error
* @security-severity 5.2
* @security-severity 7.5
* @precision very-high
* @id js/disabling-certificate-validation
* @tags security
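Review bot: 7.5 here versus 8.1 for js/insecure-download later in this patch ("opens up for potential man-in-the-middle attacks") is hard to reconcile. Both findings hand an on-path attacker the connection, and disabling certificate validation affects every TLS connection the process makes rather than a single download, so if anything this query should score at or above insecure-download. Consider scoring the two together.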

View File

@@ -4,7 +4,7 @@
* expose it to an attacker.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 7.5
* @precision high
* @id js/build-artifact-leak
* @tags security

View File

@@ -4,7 +4,7 @@
* expose it to an attacker.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 7.5
* @precision high
* @id js/clear-text-logging
* @tags security

View File

@@ -4,7 +4,7 @@
* attacker.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 7.5
* @precision high
* @id js/clear-text-storage-of-sensitive-data
* @tags security

View File

@@ -3,7 +3,7 @@
* @description Storing unencrypted passwords in configuration files is unsafe.
* @kind problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 7.5
* @precision medium
* @id js/password-in-configuration-file
* @tags security

View File

@@ -4,7 +4,7 @@
* the results and compromise security.
* @kind problem
* @problem.severity warning
* @security-severity 5.2
* @security-severity 7.5
* @precision high
* @id js/biased-cryptographic-random
* @tags security

View File

@@ -3,7 +3,7 @@
* @description Using broken or weak cryptographic algorithms can compromise security.
* @kind path-problem
* @problem.severity warning
* @security-severity 5.2
* @security-severity 7.5
* @precision high
* @id js/weak-cryptographic-algorithm
* @tags security

View File

@@ -5,7 +5,7 @@
* be generated.
* @kind path-problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 7.8
* @precision high
* @id js/insecure-randomness
* @tags security

View File

@@ -3,7 +3,7 @@
* @description Misconfiguration of CORS HTTP headers allows for leaks of secret credentials.
* @kind path-problem
* @problem.severity error
* @security-severity 5.2
* @security-severity 7.5
* @precision high
* @id js/cors-misconfiguration-for-credentials
* @tags security

View File

@@ -4,7 +4,7 @@
* submit requests on behalf of the user.
* @kind problem
* @problem.severity error
* @security-severity 6.4
* @security-severity 8.8
* @precision high
* @id js/missing-token-validation
* @tags security

View File

@@ -3,7 +3,7 @@
* @description Processing user-controlled object hierarchies inefficiently can lead to denial of service.
* @kind path-problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 7.5
* @precision high
* @id js/resource-exhaustion-from-deep-object-traversal
* @tags security

View File

@@ -4,7 +4,7 @@
* denial-of-service attacks.
* @kind path-problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 7.5
* @precision medium
* @id js/remote-property-injection
* @tags security

View File

@@ -4,7 +4,7 @@
* overlay their own UI on top of the site by using an iframe.
* @kind problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 7.5
* @precision low
* @id js/missing-x-frame-options
* @tags security
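Review bot: 7.5 with `@precision low` for clickjacking sits above the 6.1 given to the XSS queries in this change. The description ("overlay their own UI on top of the site by using an iframe") is a user-interaction, integrity-limited issue, and a low-precision query with a high score produces the noisiest possible alert. A score at or below the XSS queries seems more proportionate, or raise the precision first.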

View File

@@ -4,7 +4,7 @@
* execute arbitrary code.
* @kind path-problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 9.8
* @precision high
* @id js/unsafe-deserialization
* @tags security
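Review bot: `@problem.severity warning` and `@security-severity 9.8` now point in opposite directions on this query, and the same pairing appears on js/hardcoded-credentials, js/http-to-file-access and js/indirect-command-line-injection in this patch, all `warning` with 9.8. If security-severity is intended to supersede problem.severity for security queries, say so somewhere the consumers of these headers will find it; otherwise bump these to `error` so the two fields agree.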

View File

@@ -5,7 +5,7 @@
* be avoided.
* @kind path-problem
* @problem.severity error
* @security-severity 5.2
* @security-severity 9.1
* @precision medium
* @id js/hardcoded-data-interpreted-as-code
* @tags security

View File

@@ -4,7 +4,7 @@
* may cause redirection to malicious web sites.
* @kind path-problem
* @problem.severity error
* @security-severity 2.9
* @security-severity 6.1
* @precision high
* @id js/client-side-unvalidated-url-redirection
* @tags security

View File

@@ -4,7 +4,7 @@
* may cause redirection to malicious web sites.
* @kind path-problem
* @problem.severity warning
* @security-severity 2.7
* @security-severity 6.1
* @id js/server-side-unvalidated-url-redirection
* @tags security
* external/cwe/cwe-601

View File

@@ -4,7 +4,7 @@
* entity expansion is vulnerable to XXE attacks.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 9.1
* @precision high
* @id js/xxe
* @tags security

View File

@@ -4,7 +4,7 @@
* attacks and leak password reset tokens.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 9.8
* @precision high
* @id js/host-header-forgery-in-email-generation
* @tags security

View File

@@ -4,7 +4,7 @@
* malicious code by the user.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 9.8
* @precision high
* @id js/xpath-injection
* @tags security

View File

@@ -5,7 +5,7 @@
* exponential time on certain inputs.
* @kind path-problem
* @problem.severity error
* @security-severity 3.6
* @security-severity 7.5
* @precision high
* @id js/regex-injection
* @tags security

View File

@@ -4,7 +4,7 @@
* attacks.
* @kind path-problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 7.5
* @precision high
* @id js/server-crash
* @tags security

View File

@@ -4,7 +4,7 @@
* an unexpected target, which could cause an exception.
* @kind path-problem
* @problem.severity warning
* @security-severity 4.2
* @security-severity 7.5
* @precision high
* @id js/unvalidated-dynamic-method-call
* @tags security

View File

@@ -5,7 +5,7 @@
* to denial-of-service attacks.
* @kind problem
* @problem.severity error
* @security-severity 3.6
* @security-severity 7.5
* @precision high
* @id js/missing-rate-limiting
* @tags security

View File

@@ -4,7 +4,7 @@
* entity expansion is vulnerable to denial-of-service attacks.
* @kind path-problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 7.5
* @precision high
* @id js/xml-bomb
* @tags security

View File

@@ -4,7 +4,7 @@
* to gain unauthorized access.
* @kind path-problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 9.8
* @precision high
* @id js/hardcoded-credentials
* @tags security

View File

@@ -3,7 +3,7 @@
* @description Conditions that the user controls are not suited for making security-related decisions.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 7.8
* @precision medium
* @id js/user-controlled-bypass
* @tags security

View File

@@ -3,7 +3,7 @@
* @description Comparing different kinds of HTTP request data may be a symptom of an insufficient security check.
* @kind problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 7.8
* @precision low
* @id js/different-kinds-comparison-bypass
* @tags security

View File

@@ -4,7 +4,7 @@
* opens up for potential man-in-the-middle attacks.
* @kind path-problem
* @problem.severity error
* @security-severity 6.4
* @security-severity 8.1
* @precision high
* @id js/insecure-download
* @tags security

View File

@@ -4,7 +4,7 @@
* property can cause indefinite looping.
* @kind path-problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 6.5
* @id js/loop-bound-injection
* @tags security
* external/cwe/cwe-834

View File

@@ -3,7 +3,7 @@
* @description Sanitizing an HTTP request parameter may be ineffective if the user controls its type.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 9.8
* @precision high
* @id js/type-confusion-through-parameter-tampering
* @tags security
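Review bot: 9.8 assumes the worst case, but the description only claims that a sanitizer "may be ineffective if the user controls its type"; the real impact depends on what the sanitizer was protecting, which this query does not know. Scoring it the same as js/command-line-injection is likely to overstate the typical finding. A mid-range score with the CWE tag left to carry the category would be more honest.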

View File

@@ -3,7 +3,7 @@
* @description Writing network data directly to the file system allows arbitrary file upload and might indicate a backdoor.
* @kind path-problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 9.8
* @precision medium
* @id js/http-to-file-access
* @tags security

View File

@@ -5,7 +5,7 @@
* and possibly escalate to remote code execution or cross-site scripting.
* @kind path-problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 6.1
* @precision high
* @id js/prototype-polluting-assignment
* @tags security

View File

@@ -4,7 +4,7 @@
* the cause of accidental modification of a built-in prototype object.
* @kind path-problem
* @problem.severity warning
* @security-severity 3.6
* @security-severity 6.1
* @precision high
* @id js/prototype-pollution-utility
* @tags security

View File

@@ -5,7 +5,7 @@
* and possibly escalate to remote code execution or cross-site scripting.
* @kind path-problem
* @problem.severity error
* @security-severity 3.6
* @security-severity 6.1
* @precision high
* @id js/prototype-pollution
* @tags security
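Review bot: all three prototype-pollution queries in this patch receive 6.1, the XSS number, even though the descriptions of this query and js/prototype-polluting-assignment say the issue can "possibly escalate to remote code execution or cross-site scripting". If 6.1 is meant to represent the typical rather than the worst case, record that choice, since js/code-injection gets the same 6.1 with a description that states code execution outright and the inconsistency will otherwise look accidental.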

View File

@@ -3,7 +3,7 @@
* @description Creating a hash of a password with low computational effort makes the hash vulnerable to password cracking attacks.
* @kind path-problem
* @problem.severity warning
* @security-severity 5.9
* @security-severity 8.1
* @precision high
* @id js/insufficient-password-hash
* @tags security

View File

@@ -3,7 +3,7 @@
* @description Sending network requests with user-controlled data allows for request forgery attacks.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @security-severity 9.1
* @precision medium
* @id js/request-forgery
* @tags security