
Lower-severity findings appear when using any scan profile

When you select a scan profile such as High or Critical, the scanner prioritizes the checks most likely to detect vulnerabilities of that severity. However, you may still see medium- or low-severity findings in the scan results. This is expected behavior: these profiles are designed to run faster scans by selecting certain scripts, not to filter out vulnerabilities based on severity. Here is why:

How scan profiles work

  • Each scan profile determines which scanning scripts are executed.
  • A single script can contain multiple checks with different severities.
  • If a script is triggered, it will report all findings it detects, regardless of their severity.

Why lower severities appear

  • Multiple checks per script – For efficiency, some checks are bundled together. If a bundled check finds a lower-severity issue, it will still be reported.
  • Passive checks – Some vulnerabilities can be identified without making additional requests (for example, by analyzing existing responses). These can be detected even when running a High/Critical profile.

Filtering results

Currently, the scan engine does not filter out lower-severity vulnerabilities during the scan itself. To see only the severities you are interested in, you can:

  • Apply severity filters in the UI after the scan finishes.
  • Export the scan results and filter them externally.
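
One way to do the external filtering, shown as an added example that is not part of the product or its documentation. The CSV layout, the column names (`name`, `severity`, `url`) and the severity labels are assumptions, and the sample rows are constructed; adjust them to match your actual export. Findings with a missing or unrecognised severity are returned separately rather than dropped.

```python
import csv
import io

# Assumed severity labels, ordered lowest to highest (not taken from the product).
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample export; the column names are assumptions.
SAMPLE_EXPORT = """\
name,severity,url
SQL injection,Critical,https://app.example.test/search
Cross-site scripting,High,https://app.example.test/profile
Missing security header,low,https://app.example.test/
Cookie without Secure flag,Medium,https://app.example.test/login
Verbose error message,,https://app.example.test/api
"""


def filter_findings(export_text, minimum="high"):
    """Split exported findings into (kept, dropped_counts, unclassified).

    kept: rows at or above `minimum`.
    dropped_counts: per-severity count of rows below the threshold.
    unclassified: rows whose severity is missing or unrecognised; these are
    returned separately instead of being silently discarded.
    """
    threshold = SEVERITY_RANK[minimum.lower()]
    kept, dropped_counts, unclassified = [], {}, []
    for row in csv.DictReader(io.StringIO(export_text)):
        # Normalise the label so "High", "high" and " HIGH " compare equal.
        label = (row.get("severity") or "").strip().lower()
        rank = SEVERITY_RANK.get(label)
        if rank is None:
            unclassified.append(row)
        elif rank >= threshold:
            kept.append(row)
        else:
            dropped_counts[label] = dropped_counts.get(label, 0) + 1
    return kept, dropped_counts, unclassified


if __name__ == "__main__":
    kept, dropped, unknown = filter_findings(SAMPLE_EXPORT, minimum="high")
    for row in kept:
        print(f"{row['severity']:<9} {row['name']}  {row['url']}")
    print("below threshold:", dropped)
    print("needs manual review:", [r["name"] for r in unknown])
```

Keeping the per-severity counts of hidden findings makes it visible how much the filter removed from a given report.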

Summary

Selecting the High or Critical profile optimizes the scan to target the most severe risks first, but because of how scripts and checks are organized, you may still see findings of all severities. This ensures that important issues are not overlooked just because they happen to be detected alongside higher-severity checks.