The VYPR taxonomy.
Six orthogonal dimensions for reasoning about a vulnerability — why it exists, what is wrong, how it is exploited, where it happens, what damage it does, and how easy it is to weaponize. This is the foundation for VYPR’s CVE intelligence, AI classification, and prioritization.
Root cause
The underlying flaw class — what the developer or operator did wrong. Distinct from the symptom (weakness) and the technique used to exploit it.
Input handling
- Missing validation
- Improper sanitization
- Type confusion
- Encoding error
- Canonicalization error
Authentication
- Weak auth mechanism
- Credential handling
- Session management
- Token handling
- MFA bypass
Authorization
- Missing access control
- Broken object-level auth
- Broken function-level auth
- Privilege boundary failure
- Tenant isolation failure
Memory safety
- Out of bounds
- Use after free
- Double free
- Uninitialized memory
- Null pointer
Configuration
- Insecure default
- Exposed service
- Misconfigured policy
- Debug feature enabled
- Overpermissive setting
Cryptography
- Weak algorithm
- Bad key management
- Insecure randomness
- Improper encryption usage
- Certificate validation failure
Logic error
- Business logic bypass
- State desync
- Race condition
- Time-of-check / time-of-use
- Inconsistent state
Resource management
- Resource leak
- Unbounded resource use
- Improper cleanup
Trust boundary
- Trusted data assumption
- Cross-boundary validation failure
Parsing & serialization
- Unsafe parser
- Ambiguous grammar
- Format confusion
Numeric & calculation
- Integer overflow
- Precision loss
- Rounding error
Supply chain
- Untrusted dependency
- Tampered artifact
- Signature validation failure
Isolation boundary
- Sandbox failure
- Container isolation failure
- VM escape condition
Weakness type
The shape of the flaw as it manifests in the code or system. It maps loosely onto CWE families but is normalized for cross-language consistency.
Injection
- SQL
- Command
- Template
- LDAP
- XPath
- NoSQL
Memory corruption
- Buffer overflow
- Heap corruption
- Stack corruption
- Integer overflow
- Format string
Deserialization
- Insecure deserialization
- Object injection
Access control
- Broken access control
- IDOR
- Privilege escalation
- Auth bypass
Data exposure
- Sensitive data exposure
- Information leak
- Metadata exposure
Configuration
- Misconfiguration
- Exposed endpoint
- Insecure header
Concurrency
- Race condition
- Deadlock
- Thread safety
Crypto failure
- Weak crypto
- Plain-text storage
- Broken TLS
Input / output
- Path traversal
- File inclusion
- Uncontrolled redirect
Parsing
- Unsafe parser
- Format confusion
Numeric
- Integer overflow
- Underflow
Protocol
- Protocol state error
- Handshake failure
Supply chain
- Dependency confusion
- Package tampering
Isolation
- Sandbox escape
- Container escape
Attack technique
The technique an attacker uses to weaponize the weakness. Aligned with MITRE ATT&CK / CAPEC at the leaf level where there is a clean mapping.
Injection attacks
- SQL injection
- Command injection
- SSTI
- LDAP injection
- NoSQL injection
Scripting
- XSS reflected
- XSS stored
- XSS DOM
- Script gadget
Request manipulation
- CSRF
- Parameter tampering
- HTTP request smuggling
- Host header injection
SSRF & network
- SSRF
- DNS rebinding
- Internal port scanning
Execution
- RCE
- Code injection
- DLL hijacking
Auth attacks
- Brute force
- Credential stuffing
- Password spraying
- Session hijacking
Privilege abuse
- Privilege escalation
- Sandbox escape
- Container escape
Data extraction
- Data exfiltration
- Side channel
Supply chain attacks
- Dependency confusion
- Malicious package
Protocol attacks
- Protocol desync
- Downgrade attack
Side channel
- Timing attack
- Cache attack
- Speculative execution
File & path
- Path traversal
- File inclusion
Asset context
The component or layer that contains the flaw. Used to focus prioritization on what is actually deployed in a given environment.
Application
- Web app
- Mobile app
- Desktop app
- CLI app
API layer
- REST API
- GraphQL
- gRPC
- Internal API
Data layer
- Database
- Cache
- Search engine
- File storage
Infrastructure
- OS
- Container
- VM
- Kubernetes
Cloud
- IAM
- Storage bucket
- Serverless
- Managed DB
- Message queue
Network
- Load balancer
- Proxy
- Firewall
- DNS
Hardware
- CPU
- Firmware
- IoT device
Identity
- Auth provider
- Federation
CI / CD
- Build pipeline
- Artifact registry
Observability
- Logging system
- Metrics system
Edge
- CDN
- API gateway
Impact
The consequence if the flaw is exploited. Spans CIA, account-level outcomes, business-level damage, and post-exploitation effects.
Confidentiality
- Data exfiltration
- Information disclosure
- Secret leak
Integrity
- Data modification
- Unauthorized action
- Code tampering
Availability
- Denial of service
- Resource exhaustion
- Service degradation
Account
- Account takeover
- Session compromise
- Identity impersonation
System
- Remote code execution
- Full system compromise
- Persistence
Financial
- Fraud
- Transaction manipulation
Reputation
- Trust loss
- Brand damage
Lateral movement
- Internal spread
- Pivoting
Defense evasion
- Log tampering
- Detection bypass
Compliance
- Regulatory violation
- Data residency breach
Exploitability
How readily the flaw can be exploited in practice. Aligned with CVSS metrics for vector, complexity, privileges, and user interaction, plus exploit maturity and reachability.
Attack vector
- Network
- Adjacent
- Local
- Physical
Complexity
- Low
- Medium
- High
Privileges required
- None
- User
- Admin
- System
User interaction
- None
- Required
Exploit maturity
- Theoretical
- Proof of concept
- Weaponized
- In the wild
Reachability
- Direct
- Indirect