github.com/labstack/echo
Submitted 7/13/2026, 9:35:10 PM · Status: ok
Risk grade
C
30 / 100
Findings
42
0 critical2 high3 medium0 low37 info0 on CISA KEV0ATT&CK
Showing 42 of 42 findings
Findings
- Detected private-key: Identified a Private Key, which may compromise cryptographic security and sensitive data encryptionIdentified a Private Key, which may compromise cryptographic security and sensitive data encryption.gitleaks
- Private Key detected. This is a sensitive credential and should not be hardcoded here. Instead, store this in a separate, private file.semgrep_fixture/certs/key.pem:1
- A session cookie was detected without setting the 'HttpOnly' flag. The 'HttpOnly' flag for cookies instructs the browser to forbid client-side scripts from reading the cookie which mitigates XSS attacA session cookie was detected without setting the 'HttpOnly' flag. The 'HttpOnly' flag for cookies instructs the browser to forbid client-side scripts from reading the cookie which mitigates XSS attacks. Set the 'HttpOnly' flag by setting 'HttpOnly' to 'true' in the Cookie.semgrepmiddleware/csrf.go:226
- A session cookie was detected without setting the 'Secure' flag. The 'secure' flag for cookies prevents the client from transmitting the cookie over insecure channels such as HTTP. Set the 'Secure' flA session cookie was detected without setting the 'Secure' flag. The 'secure' flag for cookies prevents the client from transmitting the cookie over insecure channels such as HTTP. Set the 'Secure' flag by setting 'Secure' to 'true' in the Options struct.semgrepmiddleware/csrf.go:226
- Do not use `math/rand`. Use `crypto/rand` instead.semgrepmiddleware/proxy.go:13
This report is public.