Live Data

Security Trends Across 9,260 Websites

Aggregated insights from every free and paid security scan we've run. See the most common vulnerabilities and how the web stacks up.

9,260 scans completed

32 average risk score

48% of findings are security headers

48,415 total findings

9,200+ websites scanned with ShipShield

48,400+ vulnerabilities detected

Findings by Category

[Chart: findings by category. Size represents frequency; color represents dominant severity.]

Most Common Issues

Top findings ranked by how often they appear across all scans.

Rank. Finding | Category | Severity | Frequency (% of scans)

1. No security.txt found | Exposed Paths | info | 64%
2. Missing Permissions-Policy | Security Headers | low | 55%
3. Missing Content-Security-Policy (CSP) | Security Headers | high | 50%
4. Missing Referrer-Policy | Security Headers | low | 47%
5. No DMARC record found | DNS | medium | 45%
6. Missing X-Frame-Options | Security Headers | medium | 42%
7. Missing X-Content-Type-Options | Security Headers | medium | 37%
8. No SPF record found | DNS | medium | 35%
9. Detected technologies: Next.js, React | Technology | info | 25%
10. CORS allows all origins (wildcard *) | CORS | medium | 21%
11. Missing Strict-Transport-Security (HSTS) | Security Headers | high | 18%
12. X-Powered-By header exposed: Next.js | Server Info | low | 13%
13. Cookie "geo" missing HttpOnly flag | Cookies | medium | 6%
14. Cookie "geo" missing SameSite attribute | Cookies | low | 6%
15. Cookie "geo" missing Secure flag | Cookies | medium | 6%

Severity Distribution

Breakdown of all findings by severity level.

critical: 101 (0%)
high: 6,767 (14%)
medium: 19,240 (40%)
low: 12,368 (26%)
info: 9,842 (20%)

Only available with ShipShield ($25)

Go Deeper With a Full Codebase Audit

The free scan checks what's visible from the outside. A full ShipShield audit connects to your GitHub repo and analyzes your actual source code, dependencies, infrastructure, and more, covering 5,000,000+ vulnerability signatures.

Exposed Secrets

API keys, credentials, and tokens buried in code and git history

Auth & Authorization

Missing auth checks, weak JWT config, privilege escalation paths

Injection Vulnerabilities

SQL injection, XSS, SSRF, and command injection in your source code

Dependency CVEs

Known vulnerabilities across npm, pip, cargo, and go packages

AI Business Logic Review

AI-powered analysis of input validation, race conditions, and logic flaws

Sensitive Data Flows

PII logging, unencrypted data transmission, and storage issues

Infrastructure Security

Rate limiting, request size limits, and file upload restrictions

Docker & Container Scanning

Container misconfigs, exposed ports, running as root, OS-level CVEs

License Compliance

GPL/AGPL copyleft detection across all your dependencies

SBOM Generation

SPDX-format Software Bill of Materials for compliance and audits

Supply Chain Security

Typosquatting detection and suspicious package analysis

Professional PDF Report

Detailed findings with severity ratings, code references, and AI-powered fix suggestions

Get a Full Codebase Audit for $25

Scans complete in 2-8 minutes · Automatic refund if scan fails