Comparison Overview

Abri Group

VS

YMCA of the USA

Abri Group

Collins House, Eastleigh, GB
Last Update: 2026-01-03
View Profile
Between 700 and 749
https://www.abri.co.uk/

We’re Abri, a housing association based in the south of England. One of the largest in fact. We own own and manage more than 58,000 homes and various community assets, serving around 113,000 customers across the South of England. There aren’t enough homes for everyone who needs one. And we don’t think that’s right. So we build, own, look after and sell homes that people can afford. Including homes for affordable and social rent. And homes to buy through things like Shared Ownership and Help to Buy. We also have houses for market rent and sale too. And that’s not the half of it… Find out more about what we do on our website!

NAICS: 8135
NAICS Definition: Others
Employees: 902
Subsidiaries: 0
12-month incidents
1
Known data breaches
1
Attack type number
1
View Profile

YMCA of the USA

101 N. Wacker Dr, Chicago, 60606, US
Last Update: 2026-01-02
Between 750 and 799
https://www.ymca.org/

YMCA of the USA is the national resource office for the nation's YMCAs. Located in Chicago, IL, YMCA of the USA exists to serve YMCAs. To address the specific needs of communities, each YMCA is an independent organization, autonomous and separate from YMCA of the USA. They are required by the national constitution to pay annual dues, to refrain from discrimination and to support the YMCA mission. All other decisions are local choices, including programs offered, staffing and style of operation. Learn, Grow and Thrive with a Career at the Y Imagine going to work knowing that what you do each day positively affects the lives of the people in your community. Working at the Y, you'll discover more than a job-you'll enjoy a career with a future and the opportunity to make a lasting difference in the lives of those around you. Our staff members-of all ages and backgrounds and life experiences-enjoy the personal satisfaction that comes from nurturing the potential of youth and teens, improving the nation's health and well-being and providing support to our neighbors. The Y ensures that everyone has the opportunity to become healthier, more confident, connected and secure. Search for open positions at Ys across the U.S.: https://www.ymca.org/get-involved/careers/opportunities/open-positions

NAICS: 8135
NAICS Definition: Others
Employees: 35,312
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/abri-group.jpeg
Abri Group
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/ymcausa.jpeg
YMCA of the USA
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Abri Group
100%
Compliance Rate
0/4 Standards Verified
YMCA of the USA
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Non-profit Organizations Industry Average (This Year)

Abri Group has 0.0% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs Non-profit Organizations Industry Average (This Year)

No incidents recorded for YMCA of the USA in 2026.

Incident History — Abri Group (X = Date, Y = Severity)

Abri Group cyber incidents detection timeline including parent company and subsidiaries

Incident History — YMCA of the USA (X = Date, Y = Severity)

YMCA of the USA cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/abri-group.jpeg
Abri Group
Incidents

Date Detected: 1/2026
Type:Breach
Blog: Blog
https://images.rankiteo.com/companyimages/ymcausa.jpeg
YMCA of the USA
Incidents

No Incident

FAQ

YMCA of the USA company demonstrates a stronger AI Cybersecurity Score compared to Abri Group company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Abri Group company has historically faced a number of disclosed cyber incidents, whereas YMCA of the USA company has not reported any.

In the current year, Abri Group company has reported more cyber incidents than YMCA of the USA company.

Neither YMCA of the USA company nor Abri Group company has reported experiencing a ransomware attack publicly.

Abri Group company has disclosed at least one data breach, while the other YMCA of the USA company has not reported such incidents publicly.

Neither YMCA of the USA company nor Abri Group company has reported experiencing targeted cyberattacks publicly.

Neither Abri Group company nor YMCA of the USA company has reported experiencing or disclosing vulnerabilities publicly.

Neither Abri Group nor YMCA of the USA holds any compliance certifications.

Neither company holds any compliance certifications.

Neither Abri Group company nor YMCA of the USA company has publicly disclosed detailed information about the number of their subsidiaries.

YMCA of the USA company employs more people globally than Abri Group company, reflecting its scale as a Non-profit Organizations.

Neither Abri Group nor YMCA of the USA holds SOC 2 Type 1 certification.

Neither Abri Group nor YMCA of the USA holds SOC 2 Type 2 certification.

Neither Abri Group nor YMCA of the USA holds ISO 27001 certification.

Neither Abri Group nor YMCA of the USA holds PCI DSS certification.

Neither Abri Group nor YMCA of the USA holds HIPAA certification.

Neither Abri Group nor YMCA of the USA holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue.

Published
Date
2026-01-07
Updated
Date
2026-01-07
Risk Information
cvss4
Base: 8.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path validation, while other similar download functions in the same codebase properly use the existing `safe_extract_member()` function. Commit 4014c8475626f20f158921ae0cf98ed259ae4d59 fixes this issue.

Published
Date
2026-01-07
Updated
Date
2026-01-07
Risk Information
cvss3
Base: 5.3
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
References
Description

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global `defaultClient` is mutated during request execution without synchronization, directly modifying the shared `http.Client`'s `Transport`, `Timeout`, and `CheckRedirect` properties. Impacted applications include that that use axios4go with concurrent requests (multiple goroutines, `GetAsync`, `PostAsync`, etc.), those where different requests use different proxy configurations, and those that handle sensitive data (authentication credentials, tokens, API keys). Version 0.6.4 fixes this issue.

Published
Date
2026-01-07
Updated
Date
2026-01-07
Risk Information
cvss4
Base: 8.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code Execution (RCE) in build environments. This issue is fixed in version 10.27.0.

Published
Date
2026-01-07
Updated
Date
2026-01-07
Risk Information
cvss3
Base: 7.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
References
Description

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.

Published
Date
2026-01-07
Updated
Date
2026-01-07
Risk Information
cvss3
Base: 5.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
References