Sonarqube-8.4.2 missing some security categories

Hello, We are running with 7.9.3 LTS on production environment, planning to upgrade 8.4.2 version. Updated on testing environment & trying to test all the functionalities. But we found some differences b/n prod & QA. While going to issues → security Categories → Sonarsource path there is one list which are 15 parameters on Prod & only 7 parameters on QA. Missing parameters are 1. DOS (Deniel of service), 2. RCE code injection 3. command injection 4. Log injection 5. XSS cross-site injection 6. SQL injection. But when we checked the same categories in Rules they are looking same in 2 environments.
Can anyone help us how to differentiate & find why those are excluded in latest versions.

Thanks & Regards