# Vulnerability Severity

When Takumi performs a security assessment, the resulting report includes a list of findings. This applies to every kind of assessment, including chat-based requests and Active Takumi. Each finding is assigned one of the following five severity levels.

| Severity | Description |
| -------- | ----------- |
| Critical | Vulnerabilities that may have a critical impact on business continuity, such as large-scale leakage of personal information or disruption of payments or of the entire system. |
| High     | Vulnerabilities that may have a significant impact on business continuity, such as unrecoverable leakage of personal information or tampering with important data. |
| Medium   | Vulnerabilities that may impact business continuity, such as information leakage that can be recovered from. |
| Low      | Vulnerabilities with only a minor impact on business continuity, or configuration issues that make other vulnerabilities easier to exploit or increase the damage they cause. |
| None     | Configuration issues or unintended behaviors that have no impact on business continuity. |

Examples for each level:

- **Critical**: Personal information stored in the database is leaked through SQL injection.
- **High**: A specific request stops part of the web application, making the related functionality unavailable.
- **Medium**: CSRF lets an attacker make a legitimate user's browser submit a state-changing request the user did not intend.
- **Low**: The GraphQL API allows introspection queries, exposing its full schema.
- **None**: Security-hardening HTTP response headers are not set.
