Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/205104?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/205104?format=api", "purl": "pkg:npm/swagger-ui@2.1.0-alpha.4", "type": "npm", "namespace": "", "name": "swagger-ui", "version": "2.1.0-alpha.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.2.1", "latest_non_vulnerable_version": "4.1.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53041?format=api", "vulnerability_id": "VCID-3hsn-22rw-7kay", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSwagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5682.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5682.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5682", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.5156", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5682" }, { "reference_url": "https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1865", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/issues/1865" }, { "reference_url": "https://www.npmjs.com/advisories/126", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/126" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443546", "reference_id": "1443546", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443546" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5682", "reference_id": "CVE-2016-5682", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5682" }, { "reference_url": "https://github.com/advisories/GHSA-p239-93f7-h6xf", "reference_id": "GHSA-p239-93f7-h6xf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p239-93f7-h6xf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api", "purl": "pkg:npm/swagger-ui@2.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api", "purl": "pkg:npm/swagger-ui@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdhu-jxfv-k7a9" }, { "vulnerability": "VCID-h64t-4k96-h7d4" }, { "vulnerability": "VCID-mpx5-7r4y-77a9" }, { "vulnerability": "VCID-wfzu-tsmb-nqf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2" } ], "aliases": [ "CVE-2016-5682", "GHSA-p239-93f7-h6xf" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hsn-22rw-7kay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30537?format=api", "vulnerability_id": "VCID-5918-w4jq-rka8", "summary": "XSS in Consumes/Produces Parameter\nSwagger is a standardized library for documenting API endpoints and their parameters. Swagger uses a JSON document to organize API endpoint parameter data.\n\nSwagger-UI version 2.1.4 contains a cross site scripting (XSS) vulnerability in the `consumes` and `produces` parameters of the swagger json document for a given API. A maliciously crafted swagger JSON doc can be loaded via the URL query-string parameter `url`.\n\n To exploit the vulnerability, an attacker would convince a user to visit a malicious url crafted in the following format:\n ```\nhttp://<USER_HOSTNAME>/swagger-ui/index.html?url=http://<MALICIOUS_HOSTNAME>/malicious-swagger-file.json\n````\n\nThis issue is being disclosed before a public patched release is available due to the issue being made public in a Github issue.", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1866", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/issues/1866" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/pull/1867", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/pull/1867" }, { "reference_url": "https://www.npmjs.com/advisories/123", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/123" }, { "reference_url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/123.json", "reference_id": "123", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/123.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000226", "reference_id": "CVE-2016-1000226", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000226" }, { "reference_url": "https://github.com/advisories/GHSA-7f59-x49p-v8mq", "reference_id": "GHSA-7f59-x49p-v8mq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7f59-x49p-v8mq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6578?format=api", "purl": "pkg:npm/swagger-ui@2.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hsn-22rw-7kay" }, { "vulnerability": "VCID-5918-w4jq-rka8" }, { "vulnerability": "VCID-fc6y-84x3-8bgu" }, { "vulnerability": "VCID-gdhu-jxfv-k7a9" }, { "vulnerability": "VCID-h64t-4k96-h7d4" }, { "vulnerability": "VCID-hvuf-t6m7-fuhh" }, { "vulnerability": "VCID-mjr2-z5x4-e3bs" }, { "vulnerability": "VCID-mpx5-7r4y-77a9" }, { "vulnerability": "VCID-r28p-re5d-uya7" }, { "vulnerability": "VCID-wfzu-tsmb-nqf1" }, { "vulnerability": "VCID-znja-a329-yyh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api", "purl": "pkg:npm/swagger-ui@2.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api", "purl": "pkg:npm/swagger-ui@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdhu-jxfv-k7a9" }, { "vulnerability": "VCID-h64t-4k96-h7d4" }, { "vulnerability": "VCID-mpx5-7r4y-77a9" }, { "vulnerability": "VCID-wfzu-tsmb-nqf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2" } ], "aliases": [ "CVE-2016-1000226", "GHSA-7f59-x49p-v8mq", "GMS-2020-783" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5918-w4jq-rka8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38193?format=api", "vulnerability_id": "VCID-6xjv-drz7-tbgc", "summary": "XSS in URL Query String Parameter\nThere's a cross site scripting (XSS) vulnerability in the `url` query string parameter.", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1262", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/swagger-api/swagger-ui/issues/1262" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6598?format=api", "purl": "pkg:npm/swagger-ui@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hsn-22rw-7kay" }, { "vulnerability": "VCID-5918-w4jq-rka8" }, { "vulnerability": "VCID-fc6y-84x3-8bgu" }, { "vulnerability": "VCID-gdhu-jxfv-k7a9" }, { "vulnerability": "VCID-h64t-4k96-h7d4" }, { "vulnerability": "VCID-hvuf-t6m7-fuhh" }, { "vulnerability": "VCID-mjr2-z5x4-e3bs" }, { "vulnerability": "VCID-mpx5-7r4y-77a9" }, { "vulnerability": "VCID-r28p-re5d-uya7" }, { "vulnerability": "VCID-uyf1-htgj-6bdp" }, { "vulnerability": "VCID-wfzu-tsmb-nqf1" }, { "vulnerability": "VCID-znja-a329-yyh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.0" } ], "aliases": [ "GMS-2016-59" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xjv-drz7-tbgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53572?format=api", "vulnerability_id": "VCID-fc6y-84x3-8bgu", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1864", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/issues/1864" }, { "reference_url": "https://www.npmjs.com/advisories/986", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/986" }, { "reference_url": "https://github.com/advisories/GHSA-vp93-gcx5-4w52", "reference_id": "GHSA-vp93-gcx5-4w52", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vp93-gcx5-4w52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api", "purl": "pkg:npm/swagger-ui@2.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api", "purl": "pkg:npm/swagger-ui@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdhu-jxfv-k7a9" }, { "vulnerability": "VCID-h64t-4k96-h7d4" }, { "vulnerability": "VCID-mpx5-7r4y-77a9" }, { "vulnerability": "VCID-wfzu-tsmb-nqf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2" } ], "aliases": [ "GHSA-vp93-gcx5-4w52", "GMS-2020-786" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fc6y-84x3-8bgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51890?format=api", "vulnerability_id": "VCID-gdhu-jxfv-k7a9", "summary": "Injection Vulnerability\nA Cascading Style Sheets (CSS) injection vulnerability in Swagger UI allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that `<style>@import` within the JSON data was a functional attack method.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11565", "scoring_system": "epss", "scoring_elements": "0.93773", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17495" }, { "reference_url": "https://github.com/springfox/springfox/commit/26f72f0d16b166e12c20255a4ee907dc10685cf8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/springfox/springfox/commit/26f72f0d16b166e12c20255a4ee907dc10685cf8" }, { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11" }, { "reference_url": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI" }, { "reference_url": "https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://security.snyk.io/vuln/maven?search=CVE-2019-17495", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/maven?search=CVE-2019-17495" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17495", "reference_id": "CVE-2019-17495", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17495" }, { "reference_url": "https://github.com/advisories/GHSA-c427-hjc3-wrfw", "reference_id": "GHSA-c427-hjc3-wrfw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c427-hjc3-wrfw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76042?format=api", "purl": "pkg:npm/swagger-ui@3.23.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.23.11" } ], "aliases": [ "CVE-2019-17495", "GHSA-c427-hjc3-wrfw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdhu-jxfv-k7a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41112?format=api", "vulnerability_id": "VCID-h64t-4k96-h7d4", "summary": "Reverse Tabnapping in swagger-ui\nVersions of `swagger-ui` prior to 3.18.0 are vulnerable to [Reverse Tabnapping](https://www.owasp.org/index.php/Reverse_Tabnabbing). The package uses `target='_blank'` in anchor tags, allowing attackers to access `window.opener` for the original page. This is commonly used for phishing attacks.\n\n\n## Recommendation\n\nUpgrade to version 3.18.0 or later.", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-ui/commit/3f4cae3334fdd492a373f4453bd03a9ebd87becf", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/commit/3f4cae3334fdd492a373f4453bd03a9ebd87becf" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/pull/4789", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/pull/4789" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.18.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.18.0" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808" }, { "reference_url": "https://www.npmjs.com/advisories/975", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/975" }, { "reference_url": "https://github.com/advisories/GHSA-x9p2-fxq6-2m5f", "reference_id": "GHSA-x9p2-fxq6-2m5f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x9p2-fxq6-2m5f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58241?format=api", "purl": "pkg:npm/swagger-ui@3.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdhu-jxfv-k7a9" }, { "vulnerability": "VCID-mpx5-7r4y-77a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.18.0" } ], "aliases": [ "GHSA-x9p2-fxq6-2m5f", "GMS-2019-143" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h64t-4k96-h7d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53560?format=api", "vulnerability_id": "VCID-hvuf-t6m7-fuhh", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/issues/830", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/issues/830" }, { "reference_url": "https://www.npmjs.com/advisories/988", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/988" }, { "reference_url": "https://github.com/advisories/GHSA-w992-2gmj-9xxj", "reference_id": "GHSA-w992-2gmj-9xxj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w992-2gmj-9xxj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api", "purl": "pkg:npm/swagger-ui@2.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api", "purl": "pkg:npm/swagger-ui@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdhu-jxfv-k7a9" }, { "vulnerability": "VCID-h64t-4k96-h7d4" }, { "vulnerability": "VCID-mpx5-7r4y-77a9" }, { "vulnerability": "VCID-wfzu-tsmb-nqf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2" } ], "aliases": [ "GHSA-w992-2gmj-9xxj", "GMS-2020-787" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hvuf-t6m7-fuhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52988?format=api", "vulnerability_id": "VCID-mjr2-z5x4-e3bs", "summary": "Cross-Site Scripting in swagger-ui\nAffected versions of `swagger-ui` are vulnerable to cross-site scripting via the `url` query string parameter.\n\n\n## Recommendation\n\nUpdate to 2.2.1 or later.", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/commit/a1aea70f2c64533bf053a41d4da5a8accd0117b7", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/commit/a1aea70f2c64533bf053a41d4da5a8accd0117b7" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1617", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/issues/1617" }, { "reference_url": "https://www.npmjs.com/advisories/137", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/137" }, { "reference_url": "https://github.com/advisories/GHSA-g336-c7wv-8hp3", "reference_id": "GHSA-g336-c7wv-8hp3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g336-c7wv-8hp3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api", "purl": "pkg:npm/swagger-ui@2.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api", "purl": "pkg:npm/swagger-ui@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdhu-jxfv-k7a9" }, { "vulnerability": "VCID-h64t-4k96-h7d4" }, { "vulnerability": "VCID-mpx5-7r4y-77a9" }, { "vulnerability": "VCID-wfzu-tsmb-nqf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2" } ], "aliases": [ "GHSA-g336-c7wv-8hp3", "GMS-2020-784" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mjr2-z5x4-e3bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53561?format=api", "vulnerability_id": "VCID-mpx5-7r4y-77a9", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/pull/5190", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/pull/5190" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921" }, { "reference_url": "https://www.npmjs.com/advisories/976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.npmjs.com/advisories/976" }, { "reference_url": "https://github.com/advisories/GHSA-4f9m-pxwh-68hg", "reference_id": "GHSA-4f9m-pxwh-68hg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4f9m-pxwh-68hg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78617?format=api", "purl": "pkg:npm/swagger-ui@3.20.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdhu-jxfv-k7a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.20.9" } ], "aliases": [ "GHSA-4f9m-pxwh-68hg", "GMS-2020-782" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mpx5-7r4y-77a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30542?format=api", "vulnerability_id": "VCID-r28p-re5d-uya7", "summary": "XSS via Content-type header\nBy using a malicious server which returns script as the value of the Content-Type header, it is possible to execute arbitrary code using the demonstration capabilities of Swagger-UI.", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/commit/331d2be070d89162aa3174a8773ae4a0093f78bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/commit/331d2be070d89162aa3174a8773ae4a0093f78bc" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/issues/1863" }, { "reference_url": "https://www.npmjs.com/advisories/131", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/131" }, { "reference_url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/131.json", "reference_id": "131", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/131.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000233", "reference_id": "CVE-2016-1000233", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000233" }, { "reference_url": "https://github.com/advisories/GHSA-mrx7-8hxf-f853", "reference_id": "GHSA-mrx7-8hxf-f853", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mrx7-8hxf-f853" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6578?format=api", "purl": "pkg:npm/swagger-ui@2.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hsn-22rw-7kay" }, { "vulnerability": "VCID-5918-w4jq-rka8" }, { "vulnerability": "VCID-fc6y-84x3-8bgu" }, { "vulnerability": "VCID-gdhu-jxfv-k7a9" }, { "vulnerability": "VCID-h64t-4k96-h7d4" }, { "vulnerability": "VCID-hvuf-t6m7-fuhh" }, { "vulnerability": "VCID-mjr2-z5x4-e3bs" }, { "vulnerability": "VCID-mpx5-7r4y-77a9" }, { "vulnerability": "VCID-r28p-re5d-uya7" }, { "vulnerability": "VCID-wfzu-tsmb-nqf1" }, { "vulnerability": "VCID-znja-a329-yyh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api", "purl": "pkg:npm/swagger-ui@2.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api", "purl": "pkg:npm/swagger-ui@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdhu-jxfv-k7a9" }, { "vulnerability": "VCID-h64t-4k96-h7d4" }, { "vulnerability": "VCID-mpx5-7r4y-77a9" }, { "vulnerability": "VCID-wfzu-tsmb-nqf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2" } ], "aliases": [ "CVE-2016-1000233", "GHSA-mrx7-8hxf-f853", "GMS-2020-785" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r28p-re5d-uya7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38174?format=api", "vulnerability_id": "VCID-uyf1-htgj-6bdp", "summary": "XSS in key names\nSwagger-ui contains a cross site scripting (XSS) vulnerability in the key names for the following object path in the JSON document: `.definitions.{USER_DEFINED}.properties.{INJECTABLE_KEY_NAME}`. Supplying a key name with script tags causes arbitrary code execution. In addition it is possible to load the arbitrary JSON files remotely via the `URL` query-string parameter.", "references": [ { "reference_url": "https://en.wikipedia.org/wiki/Content_Security_Policy", "reference_id": "", "reference_type": "", "scores": [], "url": "https://en.wikipedia.org/wiki/Content_Security_Policy" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/swagger-api/swagger-ui/issues/1865" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api", "purl": "pkg:npm/swagger-ui@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdhu-jxfv-k7a9" }, { "vulnerability": "VCID-h64t-4k96-h7d4" }, { "vulnerability": "VCID-mpx5-7r4y-77a9" }, { "vulnerability": "VCID-wfzu-tsmb-nqf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2" } ], "aliases": [ "GMS-2016-45" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyf1-htgj-6bdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53594?format=api", "vulnerability_id": "VCID-wfzu-tsmb-nqf1", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/issues/3163", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/issues/3163" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941" }, { "reference_url": "https://www.npmjs.com/advisories/985", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/985" }, { "reference_url": "https://github.com/advisories/GHSA-388g-jwpg-x6j4", "reference_id": "GHSA-388g-jwpg-x6j4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-388g-jwpg-x6j4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78655?format=api", "purl": "pkg:npm/swagger-ui@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdhu-jxfv-k7a9" }, { "vulnerability": "VCID-h64t-4k96-h7d4" }, { "vulnerability": "VCID-mpx5-7r4y-77a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.0.13" } ], "aliases": [ "GHSA-388g-jwpg-x6j4", "GMS-2020-781" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfzu-tsmb-nqf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53571?format=api", "vulnerability_id": "VCID-znja-a329-yyh9", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1154", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/issues/1154" }, { "reference_url": "https://www.npmjs.com/advisories/987", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/987" }, { "reference_url": "https://github.com/advisories/GHSA-22q9-hqm5-mhmc", "reference_id": "GHSA-22q9-hqm5-mhmc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-22q9-hqm5-mhmc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api", "purl": "pkg:npm/swagger-ui@2.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api", "purl": "pkg:npm/swagger-ui@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdhu-jxfv-k7a9" }, { "vulnerability": "VCID-h64t-4k96-h7d4" }, { "vulnerability": "VCID-mpx5-7r4y-77a9" }, { "vulnerability": "VCID-wfzu-tsmb-nqf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2" } ], "aliases": [ "GHSA-22q9-hqm5-mhmc", "GMS-2020-780" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znja-a329-yyh9" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.0-alpha.4" }