Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/swagger-ui@2.1.0-M2
Typenpm
Namespace
Nameswagger-ui
Version2.1.0-M2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.2.1
Latest_non_vulnerable_version4.1.3
Affected_by_vulnerabilities
0
url VCID-3hsn-22rw-7kay
vulnerability_id VCID-3hsn-22rw-7kay
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5682.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5682.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-5682
reference_id
reference_type
scores
0
value 0.00279
scoring_system epss
scoring_elements 0.5156
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-5682
2
reference_url https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui
3
reference_url https://github.com/swagger-api/swagger-ui
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui
4
reference_url https://github.com/swagger-api/swagger-ui/issues/1865
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/issues/1865
5
reference_url https://www.npmjs.com/advisories/126
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/126
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1443546
reference_id 1443546
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1443546
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5682
reference_id CVE-2016-5682
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-5682
8
reference_url https://github.com/advisories/GHSA-p239-93f7-h6xf
reference_id GHSA-p239-93f7-h6xf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p239-93f7-h6xf
fixed_packages
0
url pkg:npm/swagger-ui@2.2.1
purl pkg:npm/swagger-ui@2.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1
1
url pkg:npm/swagger-ui@2.2.2
purl pkg:npm/swagger-ui@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdhu-jxfv-k7a9
1
vulnerability VCID-h64t-4k96-h7d4
2
vulnerability VCID-mpx5-7r4y-77a9
3
vulnerability VCID-wfzu-tsmb-nqf1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2
aliases CVE-2016-5682, GHSA-p239-93f7-h6xf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hsn-22rw-7kay
1
url VCID-5918-w4jq-rka8
vulnerability_id VCID-5918-w4jq-rka8
summary 
XSS in Consumes/Produces Parameter
Swagger is a standardized library for documenting API endpoints and their parameters.  Swagger uses a JSON document to organize API endpoint parameter data.

Swagger-UI version 2.1.4 contains a cross site scripting (XSS) vulnerability in the `consumes` and `produces` parameters of the swagger json document for a given API.  A maliciously crafted swagger JSON doc can be loaded via the URL query-string parameter `url`.

 To exploit the vulnerability, an attacker would convince a user to visit a malicious url crafted in the following format:
 ```
http://<USER_HOSTNAME>/swagger-ui/index.html?url=http://<MALICIOUS_HOSTNAME>/malicious-swagger-file.json
````

This issue is being disclosed before a public patched release is available due to the issue being made public in a Github issue.
references
0
reference_url https://github.com/swagger-api/swagger-ui
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui
1
reference_url https://github.com/swagger-api/swagger-ui/issues/1866
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/issues/1866
2
reference_url https://github.com/swagger-api/swagger-ui/pull/1867
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/pull/1867
3
reference_url https://www.npmjs.com/advisories/123
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/123
4
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/123.json
reference_id 123
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/123.json
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000226
reference_id CVE-2016-1000226
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000226
6
reference_url https://github.com/advisories/GHSA-7f59-x49p-v8mq
reference_id GHSA-7f59-x49p-v8mq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7f59-x49p-v8mq
fixed_packages
0
url pkg:npm/swagger-ui@2.1.5
purl pkg:npm/swagger-ui@2.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hsn-22rw-7kay
1
vulnerability VCID-5918-w4jq-rka8
2
vulnerability VCID-fc6y-84x3-8bgu
3
vulnerability VCID-gdhu-jxfv-k7a9
4
vulnerability VCID-h64t-4k96-h7d4
5
vulnerability VCID-hvuf-t6m7-fuhh
6
vulnerability VCID-mjr2-z5x4-e3bs
7
vulnerability VCID-mpx5-7r4y-77a9
8
vulnerability VCID-r28p-re5d-uya7
9
vulnerability VCID-wfzu-tsmb-nqf1
10
vulnerability VCID-znja-a329-yyh9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.5
1
url pkg:npm/swagger-ui@2.2.1
purl pkg:npm/swagger-ui@2.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1
2
url pkg:npm/swagger-ui@2.2.2
purl pkg:npm/swagger-ui@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdhu-jxfv-k7a9
1
vulnerability VCID-h64t-4k96-h7d4
2
vulnerability VCID-mpx5-7r4y-77a9
3
vulnerability VCID-wfzu-tsmb-nqf1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2
aliases CVE-2016-1000226, GHSA-7f59-x49p-v8mq, GMS-2020-783
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5918-w4jq-rka8
2
url VCID-6xjv-drz7-tbgc
vulnerability_id VCID-6xjv-drz7-tbgc
summary 
XSS in URL Query String Parameter
There's a cross site scripting (XSS) vulnerability in the `url` query string parameter.
references
0
reference_url https://github.com/swagger-api/swagger-ui/issues/1262
reference_id
reference_type
scores
url https://github.com/swagger-api/swagger-ui/issues/1262
fixed_packages
0
url pkg:npm/swagger-ui@2.1.0
purl pkg:npm/swagger-ui@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hsn-22rw-7kay
1
vulnerability VCID-5918-w4jq-rka8
2
vulnerability VCID-fc6y-84x3-8bgu
3
vulnerability VCID-gdhu-jxfv-k7a9
4
vulnerability VCID-h64t-4k96-h7d4
5
vulnerability VCID-hvuf-t6m7-fuhh
6
vulnerability VCID-mjr2-z5x4-e3bs
7
vulnerability VCID-mpx5-7r4y-77a9
8
vulnerability VCID-r28p-re5d-uya7
9
vulnerability VCID-uyf1-htgj-6bdp
10
vulnerability VCID-wfzu-tsmb-nqf1
11
vulnerability VCID-znja-a329-yyh9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.0
aliases GMS-2016-59
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xjv-drz7-tbgc
3
url VCID-fc6y-84x3-8bgu
vulnerability_id VCID-fc6y-84x3-8bgu
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.
references
0
reference_url https://github.com/swagger-api/swagger-ui
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui
1
reference_url https://github.com/swagger-api/swagger-ui/issues/1864
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/issues/1864
2
reference_url https://www.npmjs.com/advisories/986
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/986
3
reference_url https://github.com/advisories/GHSA-vp93-gcx5-4w52
reference_id GHSA-vp93-gcx5-4w52
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vp93-gcx5-4w52
fixed_packages
0
url pkg:npm/swagger-ui@2.2.1
purl pkg:npm/swagger-ui@2.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1
1
url pkg:npm/swagger-ui@2.2.2
purl pkg:npm/swagger-ui@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdhu-jxfv-k7a9
1
vulnerability VCID-h64t-4k96-h7d4
2
vulnerability VCID-mpx5-7r4y-77a9
3
vulnerability VCID-wfzu-tsmb-nqf1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2
aliases GHSA-vp93-gcx5-4w52, GMS-2020-786
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fc6y-84x3-8bgu
4
url VCID-gdhu-jxfv-k7a9
vulnerability_id VCID-gdhu-jxfv-k7a9
summary 
Injection Vulnerability
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that `<style>@import` within the JSON data was a functional attack method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17495
reference_id
reference_type
scores
0
value 0.11565
scoring_system epss
scoring_elements 0.93773
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17495
1
reference_url https://github.com/springfox/springfox/commit/26f72f0d16b166e12c20255a4ee907dc10685cf8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/springfox/springfox/commit/26f72f0d16b166e12c20255a4ee907dc10685cf8
2
reference_url https://github.com/swagger-api/swagger-ui
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui
3
reference_url https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11
4
reference_url https://github.com/tarantula-team/CSS-injection-in-Swagger-UI
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/tarantula-team/CSS-injection-in-Swagger-UI
5
reference_url https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E
10
reference_url https://security.snyk.io/vuln/maven?search=CVE-2019-17495
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/maven?search=CVE-2019-17495
11
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
14
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-17495
reference_id CVE-2019-17495
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-17495
16
reference_url https://github.com/advisories/GHSA-c427-hjc3-wrfw
reference_id GHSA-c427-hjc3-wrfw
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c427-hjc3-wrfw
fixed_packages
0
url pkg:npm/swagger-ui@3.23.11
purl pkg:npm/swagger-ui@3.23.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.23.11
aliases CVE-2019-17495, GHSA-c427-hjc3-wrfw
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdhu-jxfv-k7a9
5
url VCID-h64t-4k96-h7d4
vulnerability_id VCID-h64t-4k96-h7d4
summary 
Reverse Tabnapping in swagger-ui
Versions of `swagger-ui` prior to 3.18.0 are vulnerable to [Reverse Tabnapping](https://www.owasp.org/index.php/Reverse_Tabnabbing). The package uses `target='_blank'` in anchor tags, allowing attackers to access `window.opener` for the original page. This is commonly used for phishing attacks.


## Recommendation

Upgrade to version 3.18.0 or later.
references
0
reference_url https://github.com/swagger-api/swagger-ui/commit/3f4cae3334fdd492a373f4453bd03a9ebd87becf
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/commit/3f4cae3334fdd492a373f4453bd03a9ebd87becf
1
reference_url https://github.com/swagger-api/swagger-ui/pull/4789
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/pull/4789
2
reference_url https://github.com/swagger-api/swagger-ui/releases/tag/v3.18.0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/releases/tag/v3.18.0
3
reference_url https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808
4
reference_url https://www.npmjs.com/advisories/975
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/975
5
reference_url https://github.com/advisories/GHSA-x9p2-fxq6-2m5f
reference_id GHSA-x9p2-fxq6-2m5f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x9p2-fxq6-2m5f
fixed_packages
0
url pkg:npm/swagger-ui@3.18.0
purl pkg:npm/swagger-ui@3.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdhu-jxfv-k7a9
1
vulnerability VCID-mpx5-7r4y-77a9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.18.0
aliases GHSA-x9p2-fxq6-2m5f, GMS-2019-143
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h64t-4k96-h7d4
6
url VCID-hvuf-t6m7-fuhh
vulnerability_id VCID-hvuf-t6m7-fuhh
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.
references
0
reference_url https://github.com/swagger-api/swagger-ui
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui
1
reference_url https://github.com/swagger-api/swagger-ui/issues/830
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/issues/830
2
reference_url https://www.npmjs.com/advisories/988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/988
3
reference_url https://github.com/advisories/GHSA-w992-2gmj-9xxj
reference_id GHSA-w992-2gmj-9xxj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w992-2gmj-9xxj
fixed_packages
0
url pkg:npm/swagger-ui@2.2.1
purl pkg:npm/swagger-ui@2.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1
1
url pkg:npm/swagger-ui@2.2.2
purl pkg:npm/swagger-ui@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdhu-jxfv-k7a9
1
vulnerability VCID-h64t-4k96-h7d4
2
vulnerability VCID-mpx5-7r4y-77a9
3
vulnerability VCID-wfzu-tsmb-nqf1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2
aliases GHSA-w992-2gmj-9xxj, GMS-2020-787
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hvuf-t6m7-fuhh
7
url VCID-mjr2-z5x4-e3bs
vulnerability_id VCID-mjr2-z5x4-e3bs
summary 
Cross-Site Scripting in swagger-ui
Affected versions of `swagger-ui` are vulnerable to cross-site scripting via the `url` query string parameter.


## Recommendation

Update to 2.2.1 or later.
references
0
reference_url https://github.com/swagger-api/swagger-ui
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui
1
reference_url https://github.com/swagger-api/swagger-ui/commit/a1aea70f2c64533bf053a41d4da5a8accd0117b7
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/commit/a1aea70f2c64533bf053a41d4da5a8accd0117b7
2
reference_url https://github.com/swagger-api/swagger-ui/issues/1617
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/issues/1617
3
reference_url https://www.npmjs.com/advisories/137
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/137
4
reference_url https://github.com/advisories/GHSA-g336-c7wv-8hp3
reference_id GHSA-g336-c7wv-8hp3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g336-c7wv-8hp3
fixed_packages
0
url pkg:npm/swagger-ui@2.2.1
purl pkg:npm/swagger-ui@2.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1
1
url pkg:npm/swagger-ui@2.2.2
purl pkg:npm/swagger-ui@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdhu-jxfv-k7a9
1
vulnerability VCID-h64t-4k96-h7d4
2
vulnerability VCID-mpx5-7r4y-77a9
3
vulnerability VCID-wfzu-tsmb-nqf1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2
aliases GHSA-g336-c7wv-8hp3, GMS-2020-784
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mjr2-z5x4-e3bs
8
url VCID-mpx5-7r4y-77a9
vulnerability_id VCID-mpx5-7r4y-77a9
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.
references
0
reference_url https://github.com/swagger-api/swagger-ui
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui
1
reference_url https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e
2
reference_url https://github.com/swagger-api/swagger-ui/pull/5190
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/pull/5190
3
reference_url https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921
4
reference_url https://www.npmjs.com/advisories/976
reference_id
reference_type
scores
url https://www.npmjs.com/advisories/976
5
reference_url https://github.com/advisories/GHSA-4f9m-pxwh-68hg
reference_id GHSA-4f9m-pxwh-68hg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4f9m-pxwh-68hg
fixed_packages
0
url pkg:npm/swagger-ui@3.20.9
purl pkg:npm/swagger-ui@3.20.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdhu-jxfv-k7a9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.20.9
aliases GHSA-4f9m-pxwh-68hg, GMS-2020-782
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mpx5-7r4y-77a9
9
url VCID-r28p-re5d-uya7
vulnerability_id VCID-r28p-re5d-uya7
summary 
XSS via Content-type header
By using a malicious server which returns script as the value of the Content-Type header, it is possible to execute arbitrary code using the demonstration capabilities of Swagger-UI.
references
0
reference_url https://github.com/swagger-api/swagger-ui
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui
1
reference_url https://github.com/swagger-api/swagger-ui/commit/331d2be070d89162aa3174a8773ae4a0093f78bc
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/commit/331d2be070d89162aa3174a8773ae4a0093f78bc
2
reference_url https://github.com/swagger-api/swagger-ui/issues/1863
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/issues/1863
3
reference_url https://www.npmjs.com/advisories/131
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/131
4
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/131.json
reference_id 131
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/131.json
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000233
reference_id CVE-2016-1000233
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000233
6
reference_url https://github.com/advisories/GHSA-mrx7-8hxf-f853
reference_id GHSA-mrx7-8hxf-f853
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrx7-8hxf-f853
fixed_packages
0
url pkg:npm/swagger-ui@2.1.5
purl pkg:npm/swagger-ui@2.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hsn-22rw-7kay
1
vulnerability VCID-5918-w4jq-rka8
2
vulnerability VCID-fc6y-84x3-8bgu
3
vulnerability VCID-gdhu-jxfv-k7a9
4
vulnerability VCID-h64t-4k96-h7d4
5
vulnerability VCID-hvuf-t6m7-fuhh
6
vulnerability VCID-mjr2-z5x4-e3bs
7
vulnerability VCID-mpx5-7r4y-77a9
8
vulnerability VCID-r28p-re5d-uya7
9
vulnerability VCID-wfzu-tsmb-nqf1
10
vulnerability VCID-znja-a329-yyh9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.5
1
url pkg:npm/swagger-ui@2.2.1
purl pkg:npm/swagger-ui@2.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1
2
url pkg:npm/swagger-ui@2.2.2
purl pkg:npm/swagger-ui@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdhu-jxfv-k7a9
1
vulnerability VCID-h64t-4k96-h7d4
2
vulnerability VCID-mpx5-7r4y-77a9
3
vulnerability VCID-wfzu-tsmb-nqf1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2
aliases CVE-2016-1000233, GHSA-mrx7-8hxf-f853, GMS-2020-785
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r28p-re5d-uya7
10
url VCID-uyf1-htgj-6bdp
vulnerability_id VCID-uyf1-htgj-6bdp
summary 
XSS in key names
Swagger-ui contains a cross site scripting (XSS) vulnerability in the key names for the following object path in the JSON document: `.definitions.{USER_DEFINED}.properties.{INJECTABLE_KEY_NAME}`. Supplying a key name with script tags causes arbitrary code execution. In addition it is possible to load the arbitrary JSON files remotely via the `URL` query-string parameter.
references
0
reference_url https://en.wikipedia.org/wiki/Content_Security_Policy
reference_id
reference_type
scores
url https://en.wikipedia.org/wiki/Content_Security_Policy
1
reference_url https://github.com/swagger-api/swagger-ui/issues/1865
reference_id
reference_type
scores
url https://github.com/swagger-api/swagger-ui/issues/1865
fixed_packages
0
url pkg:npm/swagger-ui@2.2.2
purl pkg:npm/swagger-ui@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdhu-jxfv-k7a9
1
vulnerability VCID-h64t-4k96-h7d4
2
vulnerability VCID-mpx5-7r4y-77a9
3
vulnerability VCID-wfzu-tsmb-nqf1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2
aliases GMS-2016-45
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uyf1-htgj-6bdp
11
url VCID-wfzu-tsmb-nqf1
vulnerability_id VCID-wfzu-tsmb-nqf1
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.
references
0
reference_url https://github.com/swagger-api/swagger-ui
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui
1
reference_url https://github.com/swagger-api/swagger-ui/issues/3163
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/issues/3163
2
reference_url https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941
3
reference_url https://www.npmjs.com/advisories/985
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/985
4
reference_url https://github.com/advisories/GHSA-388g-jwpg-x6j4
reference_id GHSA-388g-jwpg-x6j4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-388g-jwpg-x6j4
fixed_packages
0
url pkg:npm/swagger-ui@3.0.13
purl pkg:npm/swagger-ui@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdhu-jxfv-k7a9
1
vulnerability VCID-h64t-4k96-h7d4
2
vulnerability VCID-mpx5-7r4y-77a9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.0.13
aliases GHSA-388g-jwpg-x6j4, GMS-2020-781
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfzu-tsmb-nqf1
12
url VCID-ybf8-7h5c-3bbu
vulnerability_id VCID-ybf8-7h5c-3bbu
summary 
XSS in URL Query String Parameter
In versions 2.1.0-M1 and 2.1.0-M2, swagger-ui has a cross site scripting (XSS) vulnerability in the `url` query string parameter.
references
0
reference_url https://github.com/swagger-api/swagger-ui/issues/1262
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements
url https://github.com/swagger-api/swagger-ui/issues/1262
1
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/137.json
reference_id 137
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/137.json
fixed_packages
0
url pkg:npm/swagger-ui@2.1.0
purl pkg:npm/swagger-ui@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hsn-22rw-7kay
1
vulnerability VCID-5918-w4jq-rka8
2
vulnerability VCID-fc6y-84x3-8bgu
3
vulnerability VCID-gdhu-jxfv-k7a9
4
vulnerability VCID-h64t-4k96-h7d4
5
vulnerability VCID-hvuf-t6m7-fuhh
6
vulnerability VCID-mjr2-z5x4-e3bs
7
vulnerability VCID-mpx5-7r4y-77a9
8
vulnerability VCID-r28p-re5d-uya7
9
vulnerability VCID-uyf1-htgj-6bdp
10
vulnerability VCID-wfzu-tsmb-nqf1
11
vulnerability VCID-znja-a329-yyh9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.0
aliases CVE-2016-1000239
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ybf8-7h5c-3bbu
13
url VCID-znja-a329-yyh9
vulnerability_id VCID-znja-a329-yyh9
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.
references
0
reference_url https://github.com/swagger-api/swagger-ui
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui
1
reference_url https://github.com/swagger-api/swagger-ui/issues/1154
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/swagger-api/swagger-ui/issues/1154
2
reference_url https://www.npmjs.com/advisories/987
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/987
3
reference_url https://github.com/advisories/GHSA-22q9-hqm5-mhmc
reference_id GHSA-22q9-hqm5-mhmc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22q9-hqm5-mhmc
fixed_packages
0
url pkg:npm/swagger-ui@2.2.1
purl pkg:npm/swagger-ui@2.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1
1
url pkg:npm/swagger-ui@2.2.2
purl pkg:npm/swagger-ui@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdhu-jxfv-k7a9
1
vulnerability VCID-h64t-4k96-h7d4
2
vulnerability VCID-mpx5-7r4y-77a9
3
vulnerability VCID-wfzu-tsmb-nqf1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2
aliases GHSA-22q9-hqm5-mhmc, GMS-2020-780
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znja-a329-yyh9
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.0-M2