Private APIs at Risk


We investigated API vulnerabilities that were publicly disclosed in Q1-2023, and the types of software vendors involved. We also analyzed publicly disclosed exploit POCs to determine where the real risk lies. We mapped these issues to industry standards: OWASP Top-10 (2021) for web apps, OWASP API Security Top-10 (2019), CVSS scores, and CWEs. Data is collected continuously throughout the year; the Q1-2023 snapshot was taken on 04/07. Use this data both to assess your exposure and to reduce the risk in your API portfolio.

And the Risk Remains High

The number of API vulnerabilities analyzed in Q1-2023 continues to rise – up 12% from last quarter.

The average CVSS score in Q1 is 7.2 (High) – somewhat lower than in Q4-2022. But we should note that the median has held steady at 7.5 (High) since we started analyzing these data back in Q1-2022.

We do see a somewhat lower share of Critical & High vulnerabilities (55% vs. 57% last quarter), but it’s too early to call this a trend.

