Comparison Overview

Q: Between JD.COM company and DiDi company, which one has the best AI Cybersecurity Score ?

JD.COM company demonstrates a stronger AI Cybersecurity Score compared to DiDi company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Q: Between JD.COM company and DiDi company, which one has experienced more cyber incidents in the past ?

DiDi company has historically faced a number of disclosed cyber incidents, whereas JD.COM company has not reported any.

Q: Between JD.COM company and DiDi company, which one has experienced more cyber incidents this year ?

In the current year, DiDi company and JD.COM company have not reported any cyber incidents.

Q: Between JD.COM company and DiDi company, which one has experienced at least one ransomware attack ?

Neither DiDi company nor JD.COM company has reported experiencing a ransomware attack publicly.

Q: Between JD.COM company and DiDi company, which one has experienced at least one data breach ?

DiDi company has disclosed at least one data breach, while JD.COM company has not reported such incidents publicly.

Q: Between JD.COM company and DiDi company, which one has experienced at least one targeted cyberattack ?

Neither DiDi company nor JD.COM company has reported experiencing targeted cyberattacks publicly.

Q: Between JD.COM company and DiDi company, which one has experienced at least one vulnerability ?

Neither JD.COM company nor DiDi company has reported experiencing or disclosing vulnerabilities publicly.

Q: Between JD.COM company and DiDi company, which one holds the most compliance certifications ?

Neither JD.COM nor DiDi holds any compliance certifications.

Q: Between JD.COM company and DiDi company, which one has the most subsidiaries ?

JD.COM company has more subsidiaries worldwide compared to DiDi company.

JD.COM

JD Building, No. 18 Kechuang 11 Street, BDA, Beijing, CN, 101111

Last Update: 2025-12-09

View Profile

Between 800 and 849

http://corporate.jd.com/

JD.com, also known as JINGDONG, is a leading e-commerce company transferring to be a technology and service enterprise with supply chain at its core. JD.com’s business has expanded across retail, technology, logistics, health, property development, industrials, and international business. Ranking 44 on the Fortune Global 500, JD.com is China’s largest retailer by revenue. JD.com serves over 600 million customers and has set the standard for e-commerce through its commitment to quality, authenticity, and competitive pricing. The company operates the largest fulfillment infrastructure of any e-commerce company in China, enabling 90% of retail orders to be delivered within the same or next day. JD.com also promotes productivity and innovation across a range of industries by offering its cutting-edge technology and infrastructure to partners, brands, and diverse sectors.

NAICS: 5112

NAICS Definition: Software Publishers

Employees: 37,547

Subsidiaries: 2

12-month incidents

0

Known data breaches

0

Attack type number

0

View Profile

DiDi

-, Global, CN

Last Update: 2025-12-09

Between 750 and 799

http://www.didiglobal.com

DiDi Global Inc. is a leading mobility technology platform. It offers a wide range of app-based services across Asia Pacific, Latin America, and other global markets, including ride hailing, taxi hailing, designated driving, hitch and other forms of shared mobility as well as certain energy and vehicle services, food delivery, and intra-city freight services. DiDi provides car owners, drivers, and delivery partners with flexible work and income opportunities. It is committed to collaborating with policymakers, the taxi industry, the automobile industry, and the communities to solve the world’s transportation, environmental, and employment challenges through the use of AI technology and localized smart transportation innovations. DiDi strives to create better life experiences and greater social value, by building a safe, inclusive, and sustainable transportation and local services ecosystem for cities of the future.

NAICS: 5112

NAICS Definition: Software Publishers

Employees: 29,134

Subsidiaries: 0

12-month incidents

0

Known data breaches

1

Attack type number

1

JD.COM

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

DiDi

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

Incidents vs Software Development Industry Average (This Year)

No incidents recorded for JD.COM in 2025.

Incidents vs Software Development Industry Average (This Year)

No incidents recorded for DiDi in 2025.

Incident History — JD.COM (X = Date, Y = Severity)

JD.COM cyber incidents detection timeline including parent company and subsidiaries

Incident History — DiDi (X = Date, Y = Severity)

DiDi cyber incidents detection timeline including parent company and subsidiaries

JD.COM

Incidents

No Incident

DiDi

Incidents

Date Detected: 6/2021

Type:Breach

Motivation: Regulatory Enforcement, Data Privacy Compliance, Investor Protection

Blog: Blog

JD.COM company demonstrates a stronger AI Cybersecurity Score compared to DiDi company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

DiDi company has historically faced a number of disclosed cyber incidents, whereas JD.COM company has not reported any.

In the current year, DiDi company and JD.COM company have not reported any cyber incidents.

Neither DiDi company nor JD.COM company has reported experiencing a ransomware attack publicly.

DiDi company has disclosed at least one data breach, while JD.COM company has not reported such incidents publicly.

Neither DiDi company nor JD.COM company has reported experiencing targeted cyberattacks publicly.

Neither JD.COM company nor DiDi company has reported experiencing or disclosing vulnerabilities publicly.

Neither JD.COM nor DiDi holds any compliance certifications.

Neither company holds any compliance certifications.

JD.COM company has more subsidiaries worldwide compared to DiDi company.

JD.COM company employs more people globally than DiDi company, reflecting its scale as a Software Development.

Neither JD.COM nor DiDi holds SOC 2 Type 1 certification.

Neither JD.COM nor DiDi holds SOC 2 Type 2 certification.

Neither JD.COM nor DiDi holds ISO 27001 certification.

Neither JD.COM nor DiDi holds PCI DSS certification.

Neither JD.COM nor DiDi holds HIPAA certification.

Neither JD.COM nor DiDi holds GDPR certification.

Description

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.

Published

Date

2025-12-14

Updated

Date

2025-12-14

Risk Information

cvss3

Base: 8.1

Severity: HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

References

https://docs.nxlog.co/agent/current/release-notes.html#nxlog-agent-6-11

Description

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

Published

Date

2025-12-14

Updated

Date

2025-12-14

Risk Information

cvss3

Base: 2.9

Severity: HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

Description

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

Published

Date

2025-12-14

Updated

Date

2025-12-14

Risk Information

cvss2

Base: 5.0

Severity: LOW

AV:N/AC:L/Au:N/C:N/I:P/A:N

cvss3

Base: 4.3

Severity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

cvss4

Base: 5.3

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

Published

Date

2025-12-14

Updated

Date

2025-12-14

Risk Information

cvss3

Base: 4.5

Severity: HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L

References

https://github.com/mjmlio/mjml/issues/3018

Description

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Published

Date

2025-12-14

Updated

Date

2025-12-14

Risk Information

cvss3

Base: 5.8

Severity: HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

References

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

JD.COM

VS

DiDi

JD.COM

DiDi

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Software Development Industry Average (This Year)

Incidents vs Software Development Industry Average (This Year)

Incident History — JD.COM (X = Date, Y = Severity)

Incident History — DiDi (X = Date, Y = Severity)

Notable Incidents

No Incident

FAQ

Latest Global CVEs (Not Company-Specific)

CVE-2025-67900

Risk Information

CVE-2025-67899

Risk Information

CVE-2025-14691

Risk Information

CVE-2025-67898

Risk Information

CVE-2025-13281

Risk Information

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

JD.COM

VS

DiDi

JD.COM

DiDi

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Software Development Industry Average (This Year)

Incidents vs Software Development Industry Average (This Year)

Incident History — JD.COM (X = Date, Y = Severity)

Incident History — DiDi (X = Date, Y = Severity)

Notable Incidents

No Incident

🔒 Incident : Breach DID3292232091125

FAQ

Between JD.COM company and DiDi company, which one has the best AI Cybersecurity Score ?

Between JD.COM company and DiDi company, which one has experienced more cyber incidents in the past ?

Between JD.COM company and DiDi company, which one has experienced more cyber incidents this year ?

Between JD.COM company and DiDi company, which one has experienced at least one ransomware attack ?

Between JD.COM company and DiDi company, which one has experienced at least one data breach ?

Between JD.COM company and DiDi company, which one has experienced at least one targeted cyberattack ?

Between JD.COM company and DiDi company, which one has experienced at least one vulnerability ?

Between JD.COM company and DiDi company, which one holds the most compliance certifications ?

Between JD.COM company and DiDi company, which one holds the fewest compliance certifications ?

Between JD.COM company and DiDi company, which one has the most subsidiaries ?

Between JD.COM company and DiDi company, which one has the largest number of employees ?

Between JD.COM and DiDi, which company holds both SOC 2 Type 1 certifications ?

Between JD.COM and DiDi, which company holds both SOC 2 Type 2 certifications ?

Which company is ISO 27001 certified — JD.COM or DiDi ?

Which company is PCI DSS compliant — JD.COM or DiDi ?

Between JD.COM and DiDi, which company complies with HIPAA regulations for healthcare data ?

Between JD.COM and DiDi, which company complies with GDPR requirements ?

Latest Global CVEs (Not Company-Specific)

CVE-2025-67900

Risk Information

CVE-2025-67899

Risk Information

CVE-2025-14691

Risk Information

CVE-2025-67898

Risk Information

CVE-2025-13281

Risk Information