Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/444248?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/444248?format=api", "purl": "pkg:npm/swagger-ui@3.0.3", "type": "npm", "namespace": "", "name": "swagger-ui", "version": "3.0.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.1.3", "latest_non_vulnerable_version": "4.1.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206830?format=api", "vulnerability_id": "VCID-3v8v-mvbs-rkhu", "summary": "Server side request forgery in SwaggerUI", "references": [ { "reference_url": "https://github.com/domaindrivendev/Swashbuckle.AspNetCore/commit/401c7cb81e5efe835ceb8aae23e82057d57c7d29", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/domaindrivendev/Swashbuckle.AspNetCore/commit/401c7cb81e5efe835ceb8aae23e82057d57c7d29" }, { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76" }, { "reference_url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx", "reference_id": "GHSA-qrmm-w75w-3wpx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx", "reference_id": "GHSA-qrmm-w75w-3wpx", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18236?format=api", "purl": "pkg:npm/swagger-ui@4.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@4.1.3" } ], "aliases": [ "GHSA-qrmm-w75w-3wpx", "GMS-2021-188", "GMS-2021-327", "GMS-2021-44", "GMS-2021-470" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3v8v-mvbs-rkhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206219?format=api", "vulnerability_id": "VCID-4a5e-u6eu-a7g1", "summary": "Cross-Site Scripting in swagger-ui", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/issues/3163", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/issues/3163" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941" }, { "reference_url": "https://www.npmjs.com/advisories/985", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/985" }, { "reference_url": "https://github.com/advisories/GHSA-388g-jwpg-x6j4", "reference_id": "GHSA-388g-jwpg-x6j4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-388g-jwpg-x6j4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17757?format=api", "purl": "pkg:npm/swagger-ui@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3v8v-mvbs-rkhu" }, { "vulnerability": "VCID-e33g-ayx5-rffp" }, { "vulnerability": "VCID-ha7j-575w-c7eu" }, { "vulnerability": "VCID-jqwv-yhzm-gke8" }, { "vulnerability": "VCID-n2b6-kqqb-c7hy" }, { "vulnerability": "VCID-zn7g-cnwj-fud3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.0.13" } ], "aliases": [ "GHSA-388g-jwpg-x6j4", "GMS-2020-781" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4a5e-u6eu-a7g1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159351?format=api", "vulnerability_id": "VCID-e33g-ayx5-rffp", "summary": "Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. 
Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-25031", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8042", "scoring_system": "epss", "scoring_elements": "0.99155", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.8042", "scoring_system": "epss", "scoring_elements": "0.99152", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-25031" }, { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/pull/7697", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/pull/7697" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220407-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220407-0004" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/issues/4872", "reference_id": "4872", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:12:25Z/" } ], "url": "https://github.com/swagger-api/swagger-ui/issues/4872" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25031", "reference_id": "CVE-2018-25031", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25031" }, { "reference_url": "https://github.com/advisories/GHSA-cr3q-pqgq-m8c2", "reference_id": "GHSA-cr3q-pqgq-m8c2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cr3q-pqgq-m8c2" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220407-0004/", "reference_id": "ntap-20220407-0004", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:12:25Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220407-0004/" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885", "reference_id": "SNYK-JS-SWAGGERUI-2314885", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:12:25Z/" } ], "url": "https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3", "reference_id": "v4.1.3", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:12:25Z/" } ], "url": "https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18236?format=api", "purl": "pkg:npm/swagger-ui@4.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@4.1.3" } ], "aliases": [ "CVE-2018-25031", "GHSA-cr3q-pqgq-m8c2" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e33g-ayx5-rffp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204160?format=api", "vulnerability_id": "VCID-ha7j-575w-c7eu", "summary": "Cross-site scripting in Swagger-UI", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11565", "scoring_system": "epss", "scoring_elements": "0.93802", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.11565", "scoring_system": "epss", "scoring_elements": "0.93828", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.11565", "scoring_system": "epss", "scoring_elements": "0.93823", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17495" }, { "reference_url": 
"https://github.com/springfox/springfox/commit/26f72f0d16b166e12c20255a4ee907dc10685cf8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/springfox/springfox/commit/26f72f0d16b166e12c20255a4ee907dc10685cf8" }, { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11" }, { "reference_url": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI" }, { "reference_url": "https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://security.snyk.io/vuln/maven?search=CVE-2019-17495", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/maven?search=CVE-2019-17495" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17495", "reference_id": "CVE-2019-17495", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17495" }, { "reference_url": "https://github.com/advisories/GHSA-c427-hjc3-wrfw", "reference_id": "GHSA-c427-hjc3-wrfw", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c427-hjc3-wrfw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15662?format=api", "purl": "pkg:npm/swagger-ui@3.23.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3v8v-mvbs-rkhu" }, { "vulnerability": "VCID-e33g-ayx5-rffp" }, { "vulnerability": "VCID-zn7g-cnwj-fud3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.23.11" } ], "aliases": [ "CVE-2019-17495", "GHSA-c427-hjc3-wrfw" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ha7j-575w-c7eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/203807?format=api", "vulnerability_id": "VCID-jqwv-yhzm-gke8", "summary": "Reverse Tabnapping in swagger-ui", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-ui/commit/3f4cae3334fdd492a373f4453bd03a9ebd87becf", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/commit/3f4cae3334fdd492a373f4453bd03a9ebd87becf" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/pull/4789", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/pull/4789" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.18.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.18.0" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808" }, { "reference_url": "https://www.npmjs.com/advisories/975", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/975" }, { "reference_url": 
"https://github.com/advisories/GHSA-x9p2-fxq6-2m5f", "reference_id": "GHSA-x9p2-fxq6-2m5f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x9p2-fxq6-2m5f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15399?format=api", "purl": "pkg:npm/swagger-ui@3.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3v8v-mvbs-rkhu" }, { "vulnerability": "VCID-e33g-ayx5-rffp" }, { "vulnerability": "VCID-ha7j-575w-c7eu" }, { "vulnerability": "VCID-n2b6-kqqb-c7hy" }, { "vulnerability": "VCID-zn7g-cnwj-fud3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.18.0" } ], "aliases": [ "GHSA-x9p2-fxq6-2m5f", "GMS-2019-143" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqwv-yhzm-gke8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206224?format=api", "vulnerability_id": "VCID-n2b6-kqqb-c7hy", "summary": "Cross-Site Scripting in swagger-ui", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e" }, { "reference_url": "https://github.com/swagger-api/swagger-ui/pull/5190", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui/pull/5190" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921" }, { "reference_url": "https://www.npmjs.com/advisories/976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.npmjs.com/advisories/976" }, { "reference_url": "https://github.com/advisories/GHSA-4f9m-pxwh-68hg", "reference_id": "GHSA-4f9m-pxwh-68hg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4f9m-pxwh-68hg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17759?format=api", "purl": "pkg:npm/swagger-ui@3.20.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3v8v-mvbs-rkhu" }, { "vulnerability": "VCID-e33g-ayx5-rffp" }, { "vulnerability": "VCID-ha7j-575w-c7eu" }, { "vulnerability": "VCID-zn7g-cnwj-fud3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.20.9" } ], "aliases": [ "GHSA-4f9m-pxwh-68hg", "GMS-2020-782" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2b6-kqqb-c7hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208420?format=api", "vulnerability_id": "VCID-zn7g-cnwj-fud3", "summary": "Spoofing attack in swagger-ui-dist", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52536", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52408", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52549", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46708" }, { "reference_url": "https://github.com/swagger-api/swagger-ui", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/swagger-api/swagger-ui" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220407-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220407-0004" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://security.snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884" }, { "reference_url": "https://www.npmjs.com/package/swagger-ui-dist/v/4.1.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/package/swagger-ui-dist/v/4.1.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46708", "reference_id": "CVE-2021-46708", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46708" }, { "reference_url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x", "reference_id": "GHSA-6c9x-mj3g-h47x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18236?format=api", "purl": "pkg:npm/swagger-ui@4.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@4.1.3" } ], "aliases": [ "CVE-2021-46708", "GHSA-6c9x-mj3g-h47x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zn7g-cnwj-fud3" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.0.3" }