Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/swagger-ui@3.44.0

Type npm

Namespace

Name swagger-ui

Version 3.44.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.1.3

Latest_non_vulnerable_version 4.1.3

Affected_by_vulnerabilities

url VCID-3v8v-mvbs-rkhu

vulnerability_id VCID-3v8v-mvbs-rkhu

summary Server side request forgery in SwaggerUI

references

reference_url

https://github.com/domaindrivendev/Swashbuckle.AspNetCore/commit/401c7cb81e5efe835ceb8aae23e82057d57c7d29

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/domaindrivendev/Swashbuckle.AspNetCore/commit/401c7cb81e5efe835ceb8aae23e82057d57c7d29

reference_url

https://github.com/swagger-api/swagger-ui

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui

reference_url

https://github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76

reference_url

https://github.com/advisories/GHSA-qrmm-w75w-3wpx

reference_id

GHSA-qrmm-w75w-3wpx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qrmm-w75w-3wpx

reference_url

https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx

reference_id

GHSA-qrmm-w75w-3wpx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx

fixed_packages

url	pkg:npm/swagger-ui@4.1.3
purl	pkg:npm/swagger-ui@4.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@4.1.3

aliases GHSA-qrmm-w75w-3wpx, GMS-2021-188, GMS-2021-327, GMS-2021-44, GMS-2021-470

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3v8v-mvbs-rkhu

url VCID-e33g-ayx5-rffp

vulnerability_id VCID-e33g-ayx5-rffp

summary Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-25031

reference_id

reference_type

scores

value	0.8042
scoring_system	epss
scoring_elements	0.99155
published_at	2026-06-14T12:55:00Z

value	0.8042
scoring_system	epss
scoring_elements	0.99152
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-25031

reference_url

https://github.com/swagger-api/swagger-ui

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui

reference_url

https://github.com/swagger-api/swagger-ui/pull/7697

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui/pull/7697

reference_url

https://security.netapp.com/advisory/ntap-20220407-0004

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220407-0004

reference_url

https://github.com/swagger-api/swagger-ui/issues/4872

reference_id

4872

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:12:25Z/

url

https://github.com/swagger-api/swagger-ui/issues/4872

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-25031

reference_id

CVE-2018-25031

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-25031

reference_url

https://github.com/advisories/GHSA-cr3q-pqgq-m8c2

reference_id

GHSA-cr3q-pqgq-m8c2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cr3q-pqgq-m8c2

reference_url

https://security.netapp.com/advisory/ntap-20220407-0004/

reference_id

ntap-20220407-0004

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:12:25Z/

url

https://security.netapp.com/advisory/ntap-20220407-0004/

reference_url

https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885

reference_id

SNYK-JS-SWAGGERUI-2314885

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:12:25Z/

url

https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885

reference_url

https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3

reference_id

v4.1.3

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:12:25Z/

url

https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3

fixed_packages

url	pkg:npm/swagger-ui@4.1.3
purl	pkg:npm/swagger-ui@4.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@4.1.3

aliases CVE-2018-25031, GHSA-cr3q-pqgq-m8c2

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e33g-ayx5-rffp

url VCID-zn7g-cnwj-fud3

vulnerability_id VCID-zn7g-cnwj-fud3

summary Spoofing attack in swagger-ui-dist

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-46708

reference_id

reference_type

scores

value	0.00286
scoring_system	epss
scoring_elements	0.52536
published_at	2026-06-12T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52408
published_at	2026-06-11T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52531
published_at	2026-06-14T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52549
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-46708

reference_url

https://github.com/swagger-api/swagger-ui

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui

reference_url

https://security.netapp.com/advisory/ntap-20220407-0004

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220407-0004

reference_url

https://security.snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884

reference_url

https://www.npmjs.com/package/swagger-ui-dist/v/4.1.3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/swagger-ui-dist/v/4.1.3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-46708

reference_id

CVE-2021-46708

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-46708

reference_url

https://github.com/advisories/GHSA-6c9x-mj3g-h47x

reference_id

GHSA-6c9x-mj3g-h47x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6c9x-mj3g-h47x

fixed_packages

url	pkg:npm/swagger-ui@4.1.3
purl	pkg:npm/swagger-ui@4.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@4.1.3

aliases CVE-2021-46708, GHSA-6c9x-mj3g-h47x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zn7g-cnwj-fud3

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.44.0

Package Instance