Vulnerable Version detection
JavaScript Packages
JavaScript plays a crucial role in modern web applications, but outdated or vulnerable packages can introduce serious security risks. In this section, we identify all JavaScript libraries and frameworks used in the application, analyze their versions, and check if they have known vulnerabilities.
Each detected package is assessed for security issues, and the known public vulnerabilities are marked: Critical, Medium, or Informational. This allows teams to quickly prioritize fixes and ensure their packages remain secure.
For each vulnerable package, ZeroThreat provide:
- Package Name & Version – Identifies the exact library in use.
- Known Vulnerabilities – Lists security issues and CVEs associated with the detected version.
- Severity Rating – Highlights the risk level of each vulnerability.
.png)
Keeping JavaScript dependencies up to date is essential to prevent against known security exploits and CVEs.
Server-Side Technologies
The backend of a web application relies on various server-side technologies, including frameworks, databases, web servers, and programming languages. This section detects all backend technologies in use and evaluates their security posture.
Just like JavaScript packages, outdated server-side components can expose applications to attacks. ZeroThreat check for known vulnerabilities along with their CVEs in these technologies and mark them according to severity.
For each detected server-side technology, ZeroThreat provide:
- Technology Name & Version – Identifies the backend framework, database, or web server version in use.
- Known Vulnerabilities – Lists security issues and CVEs associated with the detected version.
- Severity Rating – Categorizes risks based on the impact of vulnerabilities.
.png)
Ensuring that all packages, versions and technologies are up to date is a key step in securing web applications and reducing the attack surface.