Wed 17 Jul 2019 14:50 - 15:10 at Epernay - Testing

Scala is a functional and object-oriented programming language designed to be concise and to compile to Java bytecode, so that a Scala application can be executed on a Java Virtual Machine (JVM). Scala’s designers claim that using static types in Scala helps avoid bugs in complex Scala applications. However, recently discovered vulnerabilities in Scala applications cast doubt on this claim. Therefore, in this work, we introduce TaintSpy, a runtime vulnerability indicator based on dynamic taint analysis of Scala applications. Our proposed framework can identify security vulnerabilities without requiring the source code of applications. We demonstrate the usefulness of our framework by identifying and reporting several security vulnerabilities such as Remote Code Execution (RCE), Memory Corruption, DoS, SQL injection and XSS in standard Scala frameworks (e.g., Lift, Akka and Spray).

Wed 17 Jul

Displayed time zone: Belfast

13:30 - 15:10
Testing - Scala at Epernay
13:30
30m
Short-paper
Tests as Maintainable Assets Via Auto-generated Spies
Scala
Konstantin Läufer Loyola University Chicago, John O'Sullivan Loyola University Chicago, George K. Thiruvathukal Loyola University Chicago and Argonne National Laboratory
14:00
30m
Short-paper
SoCRATES - Scala Radar for Test Smells
Scala
Jonas De Bleser Software Languages Lab, Vrije Universiteit Brussel, Dario Di Nucci Vrije Universiteit Brussel, Coen De Roover Vrije Universiteit Brussel
14:30
20m
Talk
Resilience Testing of Akka Systems
Scala
Jonas De Bleser Software Languages Lab, Vrije Universiteit Brussel
14:50
20m
Talk
TaintSpy: Runtime Vulnerability Analyzing Framework for Scala
Scala
Mohammadreza Ashouri University of Potsdam, Germany