Comparison Overview

Columbia Care

VS

The Shaman Shack

Columbia Care

745 5th Ave, New York, undefined, undefined, US
Last Update: 2025-03-05 (UTC)
Between 900 and 1000
https://cannabistcompany.com

Excellent

The Cannabist Company (formerly Columbia Care) is one of the largest and most experienced cultivators, manufacturers and retailers of cannabis products and related services in the U.S. Columbia Care was one of the original providers of medical cannabis in the United States, and continues to deliver an industry-leading, patient-centered medicinal cannabis operation that has quickly expanded into the adult use market as a premier operator. The company currently offers products spanning flower, edibles, oils, and tablets, and manufactures popular brands including Classix, Seed & Strain, and Hedy. Must be 21+ to follow.

NAICS: 621399
NAICS Definition: Offices of All Other Miscellaneous Health Practitioners
Employees: 495
Subsidiaries: 1
12-month incidents
0
Known data breaches
0
Attack type number
0

The Shaman Shack

None
Last Update: 2025-03-06 (UTC)

Excellent

Between 900 and 1000
http://www.theshamanshack.etsy.com

The Shaman Shack prepares bottles of alchemy and intuitive readings to assist one into moving into a higher vibrations, a higher consciousness. The alchemy that I practice is angel magic. Angel magic converts matter into light (el=matter, ka=energy, and mi=accessed light... el-ka-mi or alchemy) and then converts the higher Infinite light into matter which nurtures the physical to change and cooperate with Divine Intent. Meaning, when you convert matter into light , density into light, this eliminates illusion, dis-ease in the body. Then taking the higher, pure, light, to replace what was taken, converting that into matter reveals the true luminous self.

NAICS: 621
NAICS Definition:
Employees: 13
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/col-care.jpeg
Columbia Care
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
https://images.rankiteo.com/companyimages/the-shaman-shack.jpeg
The Shaman Shack
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
Compliance Summary
Columbia Care
100%
Compliance Rate
0/4 Standards Verified
The Shaman Shack
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Alternative Medicine Industry Average (This Year)

No incidents recorded for Columbia Care in 2025.

Incidents vs Alternative Medicine Industry Average (This Year)

No incidents recorded for The Shaman Shack in 2025.

Incident History โ€” Columbia Care (X = Date, Y = Severity)

Columbia Care cyber incidents detection timeline including parent company and subsidiaries

Incident History โ€” The Shaman Shack (X = Date, Y = Severity)

The Shaman Shack cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/col-care.jpeg
Columbia Care
Incidents

No Incident

https://images.rankiteo.com/companyimages/the-shaman-shack.jpeg
The Shaman Shack
Incidents

No Incident

FAQ

Both Columbia Care company and The Shaman Shack company demonstrate a comparable AI risk posture, with strong governance and monitoring frameworks in place.

Historically, The Shaman Shack company has disclosed a higher number of cyber incidents compared to Columbia Care company.

In the current year, The Shaman Shack company and Columbia Care company have not reported any cyber incidents.

Neither The Shaman Shack company nor Columbia Care company has reported experiencing a ransomware attack publicly.

Neither The Shaman Shack company nor Columbia Care company has reported experiencing a data breach publicly.

Neither The Shaman Shack company nor Columbia Care company has reported experiencing targeted cyberattacks publicly.

Neither Columbia Care company nor The Shaman Shack company has reported experiencing or disclosing vulnerabilities publicly.

Columbia Care company has more subsidiaries worldwide compared to The Shaman Shack company.

Columbia Care company employs more people globally than The Shaman Shack company, reflecting its scale as a Alternative Medicine.

Latest Global CVEs (Not Company-Specific)

Description

A weakness has been identified in bftpd up to 6.2. Impacted is the function expand_groups of the file options.c of the component Configuration File Handler. Executing manipulation can lead to heap-based buffer overflow. It is possible to launch the attack on the local host. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Published
Date
2025-10-19
Updated
Date
2025-10-19
Risk Information
cvss2
Base: 3.5
Severity: HIGH
AV:L/AC:H/Au:S/C:P/I:P/A:P
cvss3
Base: 4.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 2.0
Severity: HIGH
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Published
Date
2025-10-19
Updated
Date
2025-10-19
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:N/I:P/A:N
cvss3
Base: 3.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published
Date
2025-10-19
Updated
Date
2025-10-19
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:N/I:P/A:N
cvss3
Base: 3.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 52204b4a106b2fb02d16eee06a88a1f2697f9b35. It is recommended to apply a patch to fix this issue.

Published
Date
2025-10-19
Updated
Date
2025-10-19
Risk Information
cvss2
Base: 5.8
Severity: LOW
AV:N/AC:L/Au:M/C:P/I:P/A:P
cvss3
Base: 4.7
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published
Date
2025-10-19
Updated
Date
2025-10-19
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References