Package Instance

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/52839?format=api",
    "purl": "pkg:npm/swagger-ui@2.1.4-M1",
    "type": "npm",
    "namespace": "",
    "name": "swagger-ui",
    "version": "2.1.4-M1",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "2.2.1",
    "latest_non_vulnerable_version": "4.1.3",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53041?format=api",
            "vulnerability_id": "VCID-3hsn-22rw-7kay",
            "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSwagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5682.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5682.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5682",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00279",
                            "scoring_system": "epss",
                            "scoring_elements": "0.5156",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5682"
                },
                {
                    "reference_url": "https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1865",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/issues/1865"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/126",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.npmjs.com/advisories/126"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443546",
                    "reference_id": "1443546",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443546"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5682",
                    "reference_id": "CVE-2016-5682",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5682"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-p239-93f7-h6xf",
                    "reference_id": "GHSA-p239-93f7-h6xf",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-p239-93f7-h6xf"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        },
                        {
                            "vulnerability": "VCID-wfzu-tsmb-nqf1"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"
                }
            ],
            "aliases": [
                "CVE-2016-5682",
                "GHSA-p239-93f7-h6xf"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hsn-22rw-7kay"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30537?format=api",
            "vulnerability_id": "VCID-5918-w4jq-rka8",
            "summary": "XSS in Consumes/Produces Parameter\nSwagger is a standardized library for documenting API endpoints and their parameters.  Swagger uses a JSON document to organize API endpoint parameter data.\n\nSwagger-UI version 2.1.4 contains a cross site scripting (XSS) vulnerability in the `consumes` and `produces` parameters of the swagger json document for a given API.  A maliciously crafted swagger JSON doc can be loaded via the URL query-string parameter `url`.\n\n To exploit the vulnerability, an attacker would convince a user to visit a malicious url crafted in the following format:\n ```\nhttp://<USER_HOSTNAME>/swagger-ui/index.html?url=http://<MALICIOUS_HOSTNAME>/malicious-swagger-file.json\n````\n\nThis issue is being disclosed before a public patched release is available due to the issue being made public in a Github issue.",
            "references": [
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1866",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/issues/1866"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/pull/1867",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/pull/1867"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/123",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.npmjs.com/advisories/123"
                },
                {
                    "reference_url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/123.json",
                    "reference_id": "123",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/123.json"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000226",
                    "reference_id": "CVE-2016-1000226",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000226"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7f59-x49p-v8mq",
                    "reference_id": "GHSA-7f59-x49p-v8mq",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-7f59-x49p-v8mq"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/6578?format=api",
                    "purl": "pkg:npm/swagger-ui@2.1.5",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3hsn-22rw-7kay"
                        },
                        {
                            "vulnerability": "VCID-5918-w4jq-rka8"
                        },
                        {
                            "vulnerability": "VCID-fc6y-84x3-8bgu"
                        },
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-hvuf-t6m7-fuhh"
                        },
                        {
                            "vulnerability": "VCID-mjr2-z5x4-e3bs"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        },
                        {
                            "vulnerability": "VCID-r28p-re5d-uya7"
                        },
                        {
                            "vulnerability": "VCID-wfzu-tsmb-nqf1"
                        },
                        {
                            "vulnerability": "VCID-znja-a329-yyh9"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.5"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        },
                        {
                            "vulnerability": "VCID-wfzu-tsmb-nqf1"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"
                }
            ],
            "aliases": [
                "CVE-2016-1000226",
                "GHSA-7f59-x49p-v8mq",
                "GMS-2020-783"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5918-w4jq-rka8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53572?format=api",
            "vulnerability_id": "VCID-fc6y-84x3-8bgu",
            "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.",
            "references": [
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1864",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/issues/1864"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/986",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.npmjs.com/advisories/986"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vp93-gcx5-4w52",
                    "reference_id": "GHSA-vp93-gcx5-4w52",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-vp93-gcx5-4w52"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        },
                        {
                            "vulnerability": "VCID-wfzu-tsmb-nqf1"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"
                }
            ],
            "aliases": [
                "GHSA-vp93-gcx5-4w52",
                "GMS-2020-786"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fc6y-84x3-8bgu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51890?format=api",
            "vulnerability_id": "VCID-gdhu-jxfv-k7a9",
            "summary": "Injection Vulnerability\nA Cascading Style Sheets (CSS) injection vulnerability in Swagger UI allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that `<style>@import` within the JSON data was a functional attack method.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17495",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.11565",
                            "scoring_system": "epss",
                            "scoring_elements": "0.93773",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17495"
                },
                {
                    "reference_url": "https://github.com/springfox/springfox/commit/26f72f0d16b166e12c20255a4ee907dc10685cf8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/springfox/springfox/commit/26f72f0d16b166e12c20255a4ee907dc10685cf8"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11"
                },
                {
                    "reference_url": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E"
                },
                {
                    "reference_url": "https://security.snyk.io/vuln/maven?search=CVE-2019-17495",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.snyk.io/vuln/maven?search=CVE-2019-17495"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17495",
                    "reference_id": "CVE-2019-17495",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17495"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-c427-hjc3-wrfw",
                    "reference_id": "GHSA-c427-hjc3-wrfw",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-c427-hjc3-wrfw"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/76042?format=api",
                    "purl": "pkg:npm/swagger-ui@3.23.11",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.23.11"
                }
            ],
            "aliases": [
                "CVE-2019-17495",
                "GHSA-c427-hjc3-wrfw"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdhu-jxfv-k7a9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41112?format=api",
            "vulnerability_id": "VCID-h64t-4k96-h7d4",
            "summary": "Reverse Tabnapping in swagger-ui\nVersions of `swagger-ui` prior to 3.18.0 are vulnerable to [Reverse Tabnapping](https://www.owasp.org/index.php/Reverse_Tabnabbing). The package uses `target='_blank'` in anchor tags, allowing attackers to access `window.opener` for the original page. This is commonly used for phishing attacks.\n\n\n## Recommendation\n\nUpgrade to version 3.18.0 or later.",
            "references": [
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/commit/3f4cae3334fdd492a373f4453bd03a9ebd87becf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/commit/3f4cae3334fdd492a373f4453bd03a9ebd87becf"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/pull/4789",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/pull/4789"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.18.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.18.0"
                },
                {
                    "reference_url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/975",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.npmjs.com/advisories/975"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-x9p2-fxq6-2m5f",
                    "reference_id": "GHSA-x9p2-fxq6-2m5f",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-x9p2-fxq6-2m5f"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/58241?format=api",
                    "purl": "pkg:npm/swagger-ui@3.18.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.18.0"
                }
            ],
            "aliases": [
                "GHSA-x9p2-fxq6-2m5f",
                "GMS-2019-143"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h64t-4k96-h7d4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53560?format=api",
            "vulnerability_id": "VCID-hvuf-t6m7-fuhh",
            "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.",
            "references": [
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/issues/830",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/issues/830"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/988",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.npmjs.com/advisories/988"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-w992-2gmj-9xxj",
                    "reference_id": "GHSA-w992-2gmj-9xxj",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-w992-2gmj-9xxj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        },
                        {
                            "vulnerability": "VCID-wfzu-tsmb-nqf1"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"
                }
            ],
            "aliases": [
                "GHSA-w992-2gmj-9xxj",
                "GMS-2020-787"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hvuf-t6m7-fuhh"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52988?format=api",
            "vulnerability_id": "VCID-mjr2-z5x4-e3bs",
            "summary": "Cross-Site Scripting in swagger-ui\nAffected versions of `swagger-ui` are vulnerable to cross-site scripting via the `url` query string parameter.\n\n\n## Recommendation\n\nUpdate to 2.2.1 or later.",
            "references": [
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/commit/a1aea70f2c64533bf053a41d4da5a8accd0117b7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/commit/a1aea70f2c64533bf053a41d4da5a8accd0117b7"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1617",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/issues/1617"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/137",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.npmjs.com/advisories/137"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-g336-c7wv-8hp3",
                    "reference_id": "GHSA-g336-c7wv-8hp3",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-g336-c7wv-8hp3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        },
                        {
                            "vulnerability": "VCID-wfzu-tsmb-nqf1"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"
                }
            ],
            "aliases": [
                "GHSA-g336-c7wv-8hp3",
                "GMS-2020-784"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mjr2-z5x4-e3bs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53561?format=api",
            "vulnerability_id": "VCID-mpx5-7r4y-77a9",
            "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.",
            "references": [
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/pull/5190",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/pull/5190"
                },
                {
                    "reference_url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/976",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.npmjs.com/advisories/976"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4f9m-pxwh-68hg",
                    "reference_id": "GHSA-4f9m-pxwh-68hg",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-4f9m-pxwh-68hg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/78617?format=api",
                    "purl": "pkg:npm/swagger-ui@3.20.9",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.20.9"
                }
            ],
            "aliases": [
                "GHSA-4f9m-pxwh-68hg",
                "GMS-2020-782"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mpx5-7r4y-77a9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38169?format=api",
            "vulnerability_id": "VCID-px4x-gzkk-8qhq",
            "summary": "XSS in Consumes/Produces Parameter\nSwagger-UI contains a cross site scripting (XSS) vulnerability in the `consumes` and `produces` parameters of the swagger JSON document for a given API. A maliciously crafted swagger JSON doc can be loaded via the URL query-string parameter `url`.",
            "references": [
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1866",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/swagger-api/swagger-ui/issues/1866"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/pull/1867",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/swagger-api/swagger-ui/pull/1867"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/205017?format=api",
                    "purl": "pkg:npm/swagger-ui@2.1.5-M1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3hsn-22rw-7kay"
                        },
                        {
                            "vulnerability": "VCID-5918-w4jq-rka8"
                        },
                        {
                            "vulnerability": "VCID-fc6y-84x3-8bgu"
                        },
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-hvuf-t6m7-fuhh"
                        },
                        {
                            "vulnerability": "VCID-mjr2-z5x4-e3bs"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        },
                        {
                            "vulnerability": "VCID-r28p-re5d-uya7"
                        },
                        {
                            "vulnerability": "VCID-ssvy-b8kw-uygc"
                        },
                        {
                            "vulnerability": "VCID-uyf1-htgj-6bdp"
                        },
                        {
                            "vulnerability": "VCID-wfzu-tsmb-nqf1"
                        },
                        {
                            "vulnerability": "VCID-znja-a329-yyh9"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.5-M1"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/6578?format=api",
                    "purl": "pkg:npm/swagger-ui@2.1.5",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3hsn-22rw-7kay"
                        },
                        {
                            "vulnerability": "VCID-5918-w4jq-rka8"
                        },
                        {
                            "vulnerability": "VCID-fc6y-84x3-8bgu"
                        },
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-hvuf-t6m7-fuhh"
                        },
                        {
                            "vulnerability": "VCID-mjr2-z5x4-e3bs"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        },
                        {
                            "vulnerability": "VCID-r28p-re5d-uya7"
                        },
                        {
                            "vulnerability": "VCID-wfzu-tsmb-nqf1"
                        },
                        {
                            "vulnerability": "VCID-znja-a329-yyh9"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.5"
                }
            ],
            "aliases": [
                "GMS-2016-42"
            ],
            "risk_score": null,
            "exploitability": "0.5",
            "weighted_severity": "0.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-px4x-gzkk-8qhq"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30542?format=api",
            "vulnerability_id": "VCID-r28p-re5d-uya7",
            "summary": "XSS via Content-type header\nBy using a malicious server which returns script as the value of the Content-Type header, it is possible to execute arbitrary code using the demonstration capabilities of Swagger-UI.",
            "references": [
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/commit/331d2be070d89162aa3174a8773ae4a0093f78bc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/commit/331d2be070d89162aa3174a8773ae4a0093f78bc"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1863",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/issues/1863"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/131",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.npmjs.com/advisories/131"
                },
                {
                    "reference_url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/131.json",
                    "reference_id": "131",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/131.json"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000233",
                    "reference_id": "CVE-2016-1000233",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000233"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mrx7-8hxf-f853",
                    "reference_id": "GHSA-mrx7-8hxf-f853",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-mrx7-8hxf-f853"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/6578?format=api",
                    "purl": "pkg:npm/swagger-ui@2.1.5",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3hsn-22rw-7kay"
                        },
                        {
                            "vulnerability": "VCID-5918-w4jq-rka8"
                        },
                        {
                            "vulnerability": "VCID-fc6y-84x3-8bgu"
                        },
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-hvuf-t6m7-fuhh"
                        },
                        {
                            "vulnerability": "VCID-mjr2-z5x4-e3bs"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        },
                        {
                            "vulnerability": "VCID-r28p-re5d-uya7"
                        },
                        {
                            "vulnerability": "VCID-wfzu-tsmb-nqf1"
                        },
                        {
                            "vulnerability": "VCID-znja-a329-yyh9"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.5"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        },
                        {
                            "vulnerability": "VCID-wfzu-tsmb-nqf1"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"
                }
            ],
            "aliases": [
                "CVE-2016-1000233",
                "GHSA-mrx7-8hxf-f853",
                "GMS-2020-785"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r28p-re5d-uya7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38180?format=api",
            "vulnerability_id": "VCID-ssvy-b8kw-uygc",
            "summary": "XSS via Content-type header\nBy using a malicious server which returns script as the value of the Content-Type header, it is possible to execute arbitrary code using the demonstration capabilities of Swagger-UI.",
            "references": [
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1863",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/swagger-api/swagger-ui/issues/1863"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/6578?format=api",
                    "purl": "pkg:npm/swagger-ui@2.1.5",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3hsn-22rw-7kay"
                        },
                        {
                            "vulnerability": "VCID-5918-w4jq-rka8"
                        },
                        {
                            "vulnerability": "VCID-fc6y-84x3-8bgu"
                        },
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-hvuf-t6m7-fuhh"
                        },
                        {
                            "vulnerability": "VCID-mjr2-z5x4-e3bs"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        },
                        {
                            "vulnerability": "VCID-r28p-re5d-uya7"
                        },
                        {
                            "vulnerability": "VCID-wfzu-tsmb-nqf1"
                        },
                        {
                            "vulnerability": "VCID-znja-a329-yyh9"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.5"
                }
            ],
            "aliases": [
                "GMS-2016-51"
            ],
            "risk_score": null,
            "exploitability": "0.5",
            "weighted_severity": "0.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssvy-b8kw-uygc"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38174?format=api",
            "vulnerability_id": "VCID-uyf1-htgj-6bdp",
            "summary": "XSS in key names\nSwagger-ui contains a cross site scripting (XSS) vulnerability in the key names for the following object path in the JSON document: `.definitions.{USER_DEFINED}.properties.{INJECTABLE_KEY_NAME}`. Supplying a key name with script tags causes arbitrary code execution. In addition it is possible to load the arbitrary JSON files remotely via the `URL` query-string parameter.",
            "references": [
                {
                    "reference_url": "https://en.wikipedia.org/wiki/Content_Security_Policy",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://en.wikipedia.org/wiki/Content_Security_Policy"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1865",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/swagger-api/swagger-ui/issues/1865"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        },
                        {
                            "vulnerability": "VCID-wfzu-tsmb-nqf1"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"
                }
            ],
            "aliases": [
                "GMS-2016-45"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyf1-htgj-6bdp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53594?format=api",
            "vulnerability_id": "VCID-wfzu-tsmb-nqf1",
            "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.",
            "references": [
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/issues/3163",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/issues/3163"
                },
                {
                    "reference_url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/985",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.npmjs.com/advisories/985"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-388g-jwpg-x6j4",
                    "reference_id": "GHSA-388g-jwpg-x6j4",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-388g-jwpg-x6j4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/78655?format=api",
                    "purl": "pkg:npm/swagger-ui@3.0.13",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.0.13"
                }
            ],
            "aliases": [
                "GHSA-388g-jwpg-x6j4",
                "GMS-2020-781"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfzu-tsmb-nqf1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53571?format=api",
            "vulnerability_id": "VCID-znja-a329-yyh9",
            "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.",
            "references": [
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui"
                },
                {
                    "reference_url": "https://github.com/swagger-api/swagger-ui/issues/1154",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/swagger-api/swagger-ui/issues/1154"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/987",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.npmjs.com/advisories/987"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-22q9-hqm5-mhmc",
                    "reference_id": "GHSA-22q9-hqm5-mhmc",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-22q9-hqm5-mhmc"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/6580?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52843?format=api",
                    "purl": "pkg:npm/swagger-ui@2.2.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gdhu-jxfv-k7a9"
                        },
                        {
                            "vulnerability": "VCID-h64t-4k96-h7d4"
                        },
                        {
                            "vulnerability": "VCID-mpx5-7r4y-77a9"
                        },
                        {
                            "vulnerability": "VCID-wfzu-tsmb-nqf1"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"
                }
            ],
            "aliases": [
                "GHSA-22q9-hqm5-mhmc",
                "GMS-2020-780"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znja-a329-yyh9"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.4-M1"
}