SQL and Command Injection, Mass Assignment, Attribute Restriction, Cross-Site Request Forgery, Unsafe Redirects, Default Routes, Format Validation (multiline regexp), Denial of Service (cpu, memory,...), Dynamic Render Paths, Dangerous Evaluation, Unsafe Deserialization, File Access, Basic Authentication, Session Settings, Information Disclosure, Dangerous Send, Mail Link, Remote Code Execution, Remote Execution in YAML. load