Comparison Overview

Q: Between Daraz company and PhonePe company, which one has the best AI Cybersecurity Score ?

PhonePe company demonstrates a stronger AI Cybersecurity Score compared to Daraz company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Q: Between Daraz company and PhonePe company, which one has experienced more cyber incidents in the past ?

Historically, PhonePe company has disclosed a higher number of cyber incidents compared to Daraz company.

Q: Between Daraz company and PhonePe company, which one has experienced more cyber incidents this year ?

In the current year, PhonePe company and Daraz company have not reported any cyber incidents.

Q: Between Daraz company and PhonePe company, which one has experienced at least one ransomware attack ?

Neither PhonePe company nor Daraz company has reported experiencing a ransomware attack publicly.

Q: Between Daraz company and PhonePe company, which one has experienced at least one data breach ?

Neither PhonePe company nor Daraz company has reported experiencing a data breach publicly.

Q: Between Daraz company and PhonePe company, which one has experienced at least one targeted cyberattack ?

Neither PhonePe company nor Daraz company has reported experiencing targeted cyberattacks publicly.

Q: Between Daraz company and PhonePe company, which one has experienced at least one vulnerability ?

Neither Daraz company nor PhonePe company has reported experiencing or disclosing vulnerabilities publicly.

Q: Between Daraz company and PhonePe company, which one holds the most compliance certifications ?

Neither Daraz nor PhonePe holds any compliance certifications.

Q: Between Daraz company and PhonePe company, which one has the most subsidiaries ?

PhonePe company has more subsidiaries worldwide compared to Daraz company.

Daraz

8 Shenton Way, Singapore, undefined, undefined, SG

Last Update: 2025-12-09

View Profile

Between 750 and 799

https://daraz.com/

Daraz is the leading e-commerce marketplace across South Asia (excluding India). Our business covers four key areas – e-commerce, logistics, payment infrastructure and financial services – providing our sellers and customers with an end-to-end commerce solution. With access to over 500 million customers in our markets, we strive to deliver on our promise of enabling easy access to a wide assortment of products while bringing users on an interactive and personalised journey. We are driven by our commitment to uplifting local communities through the power of commerce. We invest in the development and education of our sellers, employees and communities with the goal of empowering them to grow and succeed. As we work towards our vision of becoming a champion of South Asia, we will continue to look for new ways to improve our offerings and connect with our people and communities. Visit https://www.daraz.com/ to learn more.

NAICS: 5112

NAICS Definition: Software Publishers

Employees: 12,213

Subsidiaries: 0

12-month incidents

0

Known data breaches

0

Attack type number

0

View Profile

PhonePe

Green Glen Layout Road, Bengaluru East, Karnataka, 560103, IN

Last Update: 2025-12-09

Between 750 and 799

https://www.phonepe.com

PhonePe Group is India’s leading fintech company, proudly recognized as India’s #1 Trusted Digital Payments* Brand for three consecutive years. Our flagship product, the PhonePe app was launched in August 2016, has rapidly become the preferred consumer payments app in India. In just eight years, PhonePe has gained over 57 crore + registered users and established a digital payments acceptance network of over 4 crore+ merchants spread across Tier 2,3 cites and beyond, covering 99% of the postal codes in the country. Building on our leadership in digital payments, PhonePe Group has expanded into financial services—including insurance, lending, and wealth management—along with new consumer tech ventures such as Pincode, a hyperlocal ecommerce platform, Indus App Store - India’s first localized app store, and Share.Market- A wealth and investment platform (app & website), catering to investors and traders needs. Headquartered in India, PhonePe Group aligns its diverse portfolio of businesses with our vision We're committed to empowering every Indian by unlocking the flow of money and providing equal access to easy & secure payments and financial services.

NAICS: 5112

NAICS Definition: Software Publishers

Employees: 15,345

Subsidiaries: 1

12-month incidents

0

Known data breaches

0

Attack type number

0

Daraz

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

PhonePe

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

Incidents vs Software Development Industry Average (This Year)

No incidents recorded for Daraz in 2025.

Incidents vs Software Development Industry Average (This Year)

No incidents recorded for PhonePe in 2025.

Incident History — Daraz (X = Date, Y = Severity)

Daraz cyber incidents detection timeline including parent company and subsidiaries

Incident History — PhonePe (X = Date, Y = Severity)

PhonePe cyber incidents detection timeline including parent company and subsidiaries

Daraz

Incidents

No Incident

PhonePe

Incidents

No Incident

PhonePe company demonstrates a stronger AI Cybersecurity Score compared to Daraz company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Historically, PhonePe company has disclosed a higher number of cyber incidents compared to Daraz company.

In the current year, PhonePe company and Daraz company have not reported any cyber incidents.

Neither PhonePe company nor Daraz company has reported experiencing a ransomware attack publicly.

Neither PhonePe company nor Daraz company has reported experiencing a data breach publicly.

Neither PhonePe company nor Daraz company has reported experiencing targeted cyberattacks publicly.

Neither Daraz company nor PhonePe company has reported experiencing or disclosing vulnerabilities publicly.

Neither Daraz nor PhonePe holds any compliance certifications.

Neither company holds any compliance certifications.

PhonePe company has more subsidiaries worldwide compared to Daraz company.

PhonePe company employs more people globally than Daraz company, reflecting its scale as a Software Development.

Neither Daraz nor PhonePe holds SOC 2 Type 1 certification.

Neither Daraz nor PhonePe holds SOC 2 Type 2 certification.

Neither Daraz nor PhonePe holds ISO 27001 certification.

Neither Daraz nor PhonePe holds PCI DSS certification.

Neither Daraz nor PhonePe holds HIPAA certification.

Neither Daraz nor PhonePe holds GDPR certification.

Description

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.

Published

Date

2025-12-14

Updated

Date

2025-12-14

Risk Information

cvss3

Base: 8.1

Severity: HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

References

https://docs.nxlog.co/agent/current/release-notes.html#nxlog-agent-6-11

Description

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

Published

Date

2025-12-14

Updated

Date

2025-12-14

Risk Information

cvss3

Base: 2.9

Severity: HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

Description

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

Published

Date

2025-12-14

Updated

Date

2025-12-14

Risk Information

cvss2

Base: 5.0

Severity: LOW

AV:N/AC:L/Au:N/C:N/I:P/A:N

cvss3

Base: 4.3

Severity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

cvss4

Base: 5.3

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

Published

Date

2025-12-14

Updated

Date

2025-12-14

Risk Information

cvss3

Base: 4.5

Severity: HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L

References

https://github.com/mjmlio/mjml/issues/3018

Description

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Published

Date

2025-12-14

Updated

Date

2025-12-14

Risk Information

cvss3

Base: 5.8

Severity: HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

References

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

Daraz

VS

PhonePe

Daraz

PhonePe

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Software Development Industry Average (This Year)

Incidents vs Software Development Industry Average (This Year)

Incident History — Daraz (X = Date, Y = Severity)

Incident History — PhonePe (X = Date, Y = Severity)

Notable Incidents

No Incident

No Incident

FAQ

Latest Global CVEs (Not Company-Specific)

CVE-2025-67900

Risk Information

CVE-2025-67899

Risk Information

CVE-2025-14691

Risk Information

CVE-2025-67898

Risk Information

CVE-2025-13281

Risk Information

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

Daraz

VS

PhonePe

Daraz

PhonePe

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Software Development Industry Average (This Year)

Incidents vs Software Development Industry Average (This Year)

Incident History — Daraz (X = Date, Y = Severity)

Incident History — PhonePe (X = Date, Y = Severity)

Notable Incidents

No Incident

No Incident

FAQ

Between Daraz company and PhonePe company, which one has the best AI Cybersecurity Score ?

Between Daraz company and PhonePe company, which one has experienced more cyber incidents in the past ?

Between Daraz company and PhonePe company, which one has experienced more cyber incidents this year ?

Between Daraz company and PhonePe company, which one has experienced at least one ransomware attack ?

Between Daraz company and PhonePe company, which one has experienced at least one data breach ?

Between Daraz company and PhonePe company, which one has experienced at least one targeted cyberattack ?

Between Daraz company and PhonePe company, which one has experienced at least one vulnerability ?

Between Daraz company and PhonePe company, which one holds the most compliance certifications ?

Between Daraz company and PhonePe company, which one holds the fewest compliance certifications ?

Between Daraz company and PhonePe company, which one has the most subsidiaries ?

Between Daraz company and PhonePe company, which one has the largest number of employees ?

Between Daraz and PhonePe, which company holds both SOC 2 Type 1 certifications ?

Between Daraz and PhonePe, which company holds both SOC 2 Type 2 certifications ?

Which company is ISO 27001 certified — Daraz or PhonePe ?

Which company is PCI DSS compliant — Daraz or PhonePe ?

Between Daraz and PhonePe, which company complies with HIPAA regulations for healthcare data ?

Between Daraz and PhonePe, which company complies with GDPR requirements ?

Latest Global CVEs (Not Company-Specific)

CVE-2025-67900

Risk Information

CVE-2025-67899

Risk Information

CVE-2025-14691

Risk Information

CVE-2025-67898

Risk Information

CVE-2025-13281

Risk Information