Security vulnerabilities as per open web application security project are as follows:
SQL Injection
Cross-site request forgery
Insecure cryptographic storage
Broken authentication and session management
Insufficient transport layer protection
Unvalidated redirects and forwards
Failure to restrict URL access