← Back to Dashboard

kolega-v0.0.1

Scanner detail · 26 repositories scored · generated 2026-04-21 13:55 UTC
F3
73.0
F3 Score (strict)
F2
66.5
F2 Score (strict)
80.9%
Recall (strict)
38.8%
Precision (strict)
26
Repos Scored
Per-Repository Breakdown TP / FP / FN
Per-Repository Scores click headers to sort
Repository F2 Recall Precision TP FP FN
damn-vulnerable-flask-application 57.7 80.0 27.3 12 32 3
damn-vulnerable-graphql-application 54.8 65.7 32.9 23 47 12
djangoat 54.5 72.0 27.7 36 94 14
dsvpwa 73.7 87.5 45.2 28 34 4
dsvw 83.3 92.6 59.5 25 17 2
dvblab 64.2 86.4 31.7 19 41 3
dvpwa 74.8 86.4 48.7 19 20 3
extremely-vulnerable-flask-app 83.3 100.0 50.0 28 28 0
flask-xss 68.2 85.7 37.5 24 40 4
insecure-web 66.2 100.0 28.1 9 23 0
intentionally-vulnerable-python-application 58.8 85.7 26.1 6 17 1
lets-be-bad-guys 82.7 95.8 53.5 23 20 1
owasp-web-playground 75.4 93.1 42.9 27 36 2
pygoat 57.7 68.6 35.3 48 88 22
python-app 48.9 65.0 24.5 13 40 7
python-insecure-app 61.4 87.5 28.0 7 18 1
pythonssti 50.0 100.0 16.7 2 10 0
threatbyte 70.5 91.7 36.7 22 38 2
vampi 79.7 84.6 64.7 11 6 2
vfapi 68.2 100.0 30.0 9 21 0
vulnerable-api 70.7 92.9 36.1 13 23 1
vulnerable-flask-app 67.7 90.0 34.0 18 35 2
vulnerable-python-apps 60.2 72.7 35.6 16 29 6
vulnerable-tornado-app 78.7 100.0 42.4 14 19 0
vulnpy 62.3 62.8 60.5 49 32 29
vulpy 72.8 85.2 46.0 46 54 8
Detection by Severity
critical
87%
TP 75 / FP 3 / FN 11
high
80%
TP 193 / FP 8 / FN 49
medium
79%
TP 224 / FP 4 / FN 58
low
83%
TP 55 / FP 1 / FN 11
CWE Family Heatmap recall by repository
Repository Broken Access Co.. Code Injection /.. Command / OS Inj.. Denial of Service Hardcoded Creden.. HTTP Header Inje.. Insecure Deseria.. Missing Authenti.. Open Redirect Other Path Traversal Security Misconf.. Sensitive Data E.. SQL Injection Server-Side Requ.. XPath Injection Cross-Site Scrip.. XML External Ent..
damn-vulnerable-flask-application 100% 100% 100% 50% 67% 0% 100% 100%
damn-vulnerable-graphql-application 0% 100% 0% 100% 33% 73% 100% 100% 60% 100% 100% 100%
djangoat 50% 100% 100% 100% 100% 43% 100% 69% 100% 100% 25% 100% 71%
dsvpwa 100% 100% 100% 0% 0% 100% 100% 100% 67% 100% 100% 100%
dsvw 100% 100% 100% 100% 100% 100% 100% 60% 100% 100% 100% 100% 100% 100% 100% 100%
dvblab 100% 100% 100% 0% 75% 100% 100% 100%
dvpwa 67% 78% 100% 100% 100% 100%
extremely-vulnerable-flask-app 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100%
flask-xss 100% 100% 33% 100% 88% 100% 67% 0% 100%
insecure-web 100% 100% 100% 100% 100% 100%
intentionally-vulnerable-python-application 100% 100% 100% 100% 100% 0% 0%
lets-be-bad-guys 100% 100% 100% 100% 100% 100% 100% 67% 100% 0% 100%
owasp-web-playground 100% 100% 100% 100% 89% 100% 75% 100% 100% 100% 0%
pygoat 0% 50% 100% 78% 33% 50% 77% 100% 33% 80% 50% 100% 100% 100%
python-app 100% 50% 100% 0% 67% 50% 50% 100% 50% 100%
python-insecure-app 100% 100% 100% 100% 0% 100%
pythonssti 100% 100%
threatbyte 100% 100% 100% 89% 100% 100% 50% 100% 100% 100%
vampi 100% 0% 100% 100% 80% 100% 100%
vfapi 100% 100% 100% 100%
vulnerable-api 100% 100% 100% 100% 100% 50% 100% 100% 100%
vulnerable-flask-app 50% 75% 100% 100% 0% 100% 100% 0% 100%
vulnerable-python-apps 100% 50% 100% 100% 100% 0% 20% 100% 100%
vulnerable-tornado-app 100% 100% 100% 100% 100% 100% 100% 100% 100%
vulnpy 100% 100% 12% 100% 50% 25% 100% 100% 69% 67% 100% 100%
vulpy 100% 0% 100% 50% 86% 50% 100% 100% 67% 75%
CWE Family Detection aggregate
RealVuln Benchmark · GitHub · kolega.dev