VulnerableCode Package Details - pkg:npm/swagger-ui@4.1.3

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-byuc-dyx4-zben	Improper Restriction of Rendered UI Layers or Frames The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.	CVE-2021-46708 GHSA-6c9x-mj3g-h47x
VCID-jkux-j1yd-47ep	Spoofing attack in swagger-ui Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.	CVE-2018-25031 GHSA-cr3q-pqgq-m8c2
VCID-s2s9-qpgy-nffr	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui-react.	GHSA-qrmm-w75w-3wpx GMS-2021-188 GMS-2021-327 GMS-2021-44 GMS-2021-470

Vulnerability

Summary

Aliases

VCID-byuc-dyx4-zben

Improper Restriction of Rendered UI Layers or Frames The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

CVE-2021-46708
GHSA-6c9x-mj3g-h47x

VCID-jkux-j1yd-47ep

Spoofing attack in swagger-ui Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.

CVE-2018-25031
GHSA-cr3q-pqgq-m8c2

VCID-s2s9-qpgy-nffr

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui-react.

GHSA-qrmm-w75w-3wpx
GMS-2021-188
GMS-2021-327
GMS-2021-44
GMS-2021-470

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T21:20:50.428940+00:00	GHSA Importer	Fixing	VCID-jkux-j1yd-47ep	https://github.com/advisories/GHSA-cr3q-pqgq-m8c2	38.6.0
2026-06-05T21:16:02.768916+00:00	GHSA Importer	Fixing	VCID-s2s9-qpgy-nffr	https://github.com/advisories/GHSA-qrmm-w75w-3wpx	38.6.0
2026-06-04T17:52:10.057816+00:00	GithubOSV Importer	Fixing	VCID-jkux-j1yd-47ep	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-cr3q-pqgq-m8c2/GHSA-cr3q-pqgq-m8c2.json	38.6.0
2026-06-04T17:28:27.553741+00:00	GithubOSV Importer	Fixing	VCID-s2s9-qpgy-nffr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-qrmm-w75w-3wpx/GHSA-qrmm-w75w-3wpx.json	38.6.0
2026-06-02T04:41:46.935770+00:00	GitLab Importer	Fixing	VCID-jkux-j1yd-47ep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/swagger-ui/CVE-2018-25031.yml	38.6.0
2026-06-02T04:41:46.101967+00:00	GitLab Importer	Fixing	VCID-byuc-dyx4-zben	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/swagger-ui/CVE-2021-46708.yml	38.6.0
2026-06-02T04:40:41.265071+00:00	GitLab Importer	Fixing	VCID-s2s9-qpgy-nffr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/swagger-ui/GMS-2021-188.yml	38.6.0