{"url":"http://public2.vulnerablecode.io/api/packages/205100?format=json","purl":"pkg:npm/swagger-ui@2.0.24","type":"npm","namespace":"","name":"swagger-ui","version":"2.0.24","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.2.1","latest_non_vulnerable_version":"4.1.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53041?format=json","vulnerability_id":"VCID-3hsn-22rw-7kay","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSwagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5682.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5682.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5682","reference_id":"","reference_type":"","scores":[{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.5156","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5682"},{"reference_url":"https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui"},{"reference_url":"https://github.com/swagger-api/swagger-ui","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui"},{"reference_url":"https://github.com/swagger-api/swagger-ui/issues/1865","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/issues/1865"},{"reference_url":"https://www.npmjs.com/advisories/126","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/126"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1443546","reference_id":"1443546","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1443546"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5682","reference_id":"CVE-2016-5682","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5682"},{"reference_url":"https://github.com/advisories/GHSA-p239-93f7-h6xf","reference_id":"GHSA-p239-93f7-h6xf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p239-93f7-h6xf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6580?format=json","purl":"pkg:npm/swagger-ui@2.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/52843?format=json","purl":"pkg:npm/swagger-ui@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gdhu-jxfv-k7a9"},{"vulnerability":"VCID-h64t-4k96-h7d4"},{"vulnerability":"VCID-mpx5-7r4y-77a9"},{"vulnerability":"VCID-wfzu-tsmb-nqf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"}],"aliases":["CVE-2016-5682","GHSA-p239-93f7-h6xf"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3hsn-22rw-7kay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30537?format=json","vulnerability_id":"VCID-5918-w4jq-rka8","summary":"XSS in Consumes/Produces Parameter\nSwagger is a standardized library for documenting API endpoints and their parameters.  Swagger uses a JSON document to organize API endpoint parameter data.\n\nSwagger-UI version 2.1.4 contains a cross site scripting (XSS) vulnerability in the `consumes` and `produces` parameters of the swagger json document for a given API.  A maliciously crafted swagger JSON doc can be loaded via the URL query-string parameter `url`.\n\n To exploit the vulnerability, an attacker would convince a user to visit a malicious url crafted in the following format:\n ```\nhttp://<USER_HOSTNAME>/swagger-ui/index.html?url=http://<MALICIOUS_HOSTNAME>/malicious-swagger-file.json\n````\n\nThis issue is being disclosed before a public patched release is available due to the issue being made public in a Github issue.","references":[{"reference_url":"https://github.com/swagger-api/swagger-ui","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui"},{"reference_url":"https://github.com/swagger-api/swagger-ui/issues/1866","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/issues/1866"},{"reference_url":"https://github.com/swagger-api/swagger-ui/pull/1867","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/pull/1867"},{"reference_url":"https://www.npmjs.com/advisories/123","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/123"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/123.json","reference_id":"123","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/123.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000226","reference_id":"CVE-2016-1000226","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000226"},{"reference_url":"https://github.com/advisories/GHSA-7f59-x49p-v8mq","reference_id":"GHSA-7f59-x49p-v8mq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7f59-x49p-v8mq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6578?format=json","purl":"pkg:npm/swagger-ui@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hsn-22rw-7kay"},{"vulnerability":"VCID-5918-w4jq-rka8"},{"vulnerability":"VCID-fc6y-84x3-8bgu"},{"vulnerability":"VCID-gdhu-jxfv-k7a9"},{"vulnerability":"VCID-h64t-4k96-h7d4"},{"vulnerability":"VCID-hvuf-t6m7-fuhh"},{"vulnerability":"VCID-mjr2-z5x4-e3bs"},{"vulnerability":"VCID-mpx5-7r4y-77a9"},{"vulnerability":"VCID-r28p-re5d-uya7"},{"vulnerability":"VCID-wfzu-tsmb-nqf1"},{"vulnerability":"VCID-znja-a329-yyh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/6580?format=json","purl":"pkg:npm/swagger-ui@2.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/52843?format=json","purl":"pkg:npm/swagger-ui@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gdhu-jxfv-k7a9"},{"vulnerability":"VCID-h64t-4k96-h7d4"},{"vulnerability":"VCID-mpx5-7r4y-77a9"},{"vulnerability":"VCID-wfzu-tsmb-nqf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"}],"aliases":["CVE-2016-1000226","GHSA-7f59-x49p-v8mq","GMS-2020-783"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5918-w4jq-rka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38193?format=json","vulnerability_id":"VCID-6xjv-drz7-tbgc","summary":"XSS in URL Query String Parameter\nThere's a cross site scripting (XSS) vulnerability in the `url` query string parameter.","references":[{"reference_url":"https://github.com/swagger-api/swagger-ui/issues/1262","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/swagger-api/swagger-ui/issues/1262"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6598?format=json","purl":"pkg:npm/swagger-ui@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hsn-22rw-7kay"},{"vulnerability":"VCID-5918-w4jq-rka8"},{"vulnerability":"VCID-fc6y-84x3-8bgu"},{"vulnerability":"VCID-gdhu-jxfv-k7a9"},{"vulnerability":"VCID-h64t-4k96-h7d4"},{"vulnerability":"VCID-hvuf-t6m7-fuhh"},{"vulnerability":"VCID-mjr2-z5x4-e3bs"},{"vulnerability":"VCID-mpx5-7r4y-77a9"},{"vulnerability":"VCID-r28p-re5d-uya7"},{"vulnerability":"VCID-uyf1-htgj-6bdp"},{"vulnerability":"VCID-wfzu-tsmb-nqf1"},{"vulnerability":"VCID-znja-a329-yyh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.0"}],"aliases":["GMS-2016-59"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xjv-drz7-tbgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53572?format=json","vulnerability_id":"VCID-fc6y-84x3-8bgu","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.","references":[{"reference_url":"https://github.com/swagger-api/swagger-ui","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui"},{"reference_url":"https://github.com/swagger-api/swagger-ui/issues/1864","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/issues/1864"},{"reference_url":"https://www.npmjs.com/advisories/986","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/986"},{"reference_url":"https://github.com/advisories/GHSA-vp93-gcx5-4w52","reference_id":"GHSA-vp93-gcx5-4w52","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vp93-gcx5-4w52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6580?format=json","purl":"pkg:npm/swagger-ui@2.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/52843?format=json","purl":"pkg:npm/swagger-ui@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gdhu-jxfv-k7a9"},{"vulnerability":"VCID-h64t-4k96-h7d4"},{"vulnerability":"VCID-mpx5-7r4y-77a9"},{"vulnerability":"VCID-wfzu-tsmb-nqf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"}],"aliases":["GHSA-vp93-gcx5-4w52","GMS-2020-786"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fc6y-84x3-8bgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51890?format=json","vulnerability_id":"VCID-gdhu-jxfv-k7a9","summary":"Injection Vulnerability\nA Cascading Style Sheets (CSS) injection vulnerability in Swagger UI allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that `<style>@import` within the JSON data was a functional attack method.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17495","reference_id":"","reference_type":"","scores":[{"value":"0.11565","scoring_system":"epss","scoring_elements":"0.93773","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17495"},{"reference_url":"https://github.com/springfox/springfox/commit/26f72f0d16b166e12c20255a4ee907dc10685cf8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/springfox/springfox/commit/26f72f0d16b166e12c20255a4ee907dc10685cf8"},{"reference_url":"https://github.com/swagger-api/swagger-ui","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui"},{"reference_url":"https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11"},{"reference_url":"https://github.com/tarantula-team/CSS-injection-in-Swagger-UI","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tarantula-team/CSS-injection-in-Swagger-UI"},{"reference_url":"https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://security.snyk.io/vuln/maven?search=CVE-2019-17495","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/maven?search=CVE-2019-17495"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17495","reference_id":"CVE-2019-17495","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17495"},{"reference_url":"https://github.com/advisories/GHSA-c427-hjc3-wrfw","reference_id":"GHSA-c427-hjc3-wrfw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c427-hjc3-wrfw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76042?format=json","purl":"pkg:npm/swagger-ui@3.23.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.23.11"}],"aliases":["CVE-2019-17495","GHSA-c427-hjc3-wrfw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdhu-jxfv-k7a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41112?format=json","vulnerability_id":"VCID-h64t-4k96-h7d4","summary":"Reverse Tabnapping in swagger-ui\nVersions of `swagger-ui` prior to 3.18.0 are vulnerable to [Reverse Tabnapping](https://www.owasp.org/index.php/Reverse_Tabnabbing). The package uses `target='_blank'` in anchor tags, allowing attackers to access `window.opener` for the original page. This is commonly used for phishing attacks.\n\n\n## Recommendation\n\nUpgrade to version 3.18.0 or later.","references":[{"reference_url":"https://github.com/swagger-api/swagger-ui/commit/3f4cae3334fdd492a373f4453bd03a9ebd87becf","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/commit/3f4cae3334fdd492a373f4453bd03a9ebd87becf"},{"reference_url":"https://github.com/swagger-api/swagger-ui/pull/4789","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/pull/4789"},{"reference_url":"https://github.com/swagger-api/swagger-ui/releases/tag/v3.18.0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/releases/tag/v3.18.0"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808"},{"reference_url":"https://www.npmjs.com/advisories/975","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/975"},{"reference_url":"https://github.com/advisories/GHSA-x9p2-fxq6-2m5f","reference_id":"GHSA-x9p2-fxq6-2m5f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x9p2-fxq6-2m5f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58241?format=json","purl":"pkg:npm/swagger-ui@3.18.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gdhu-jxfv-k7a9"},{"vulnerability":"VCID-mpx5-7r4y-77a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.18.0"}],"aliases":["GHSA-x9p2-fxq6-2m5f","GMS-2019-143"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h64t-4k96-h7d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53560?format=json","vulnerability_id":"VCID-hvuf-t6m7-fuhh","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.","references":[{"reference_url":"https://github.com/swagger-api/swagger-ui","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui"},{"reference_url":"https://github.com/swagger-api/swagger-ui/issues/830","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/issues/830"},{"reference_url":"https://www.npmjs.com/advisories/988","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/988"},{"reference_url":"https://github.com/advisories/GHSA-w992-2gmj-9xxj","reference_id":"GHSA-w992-2gmj-9xxj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w992-2gmj-9xxj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6580?format=json","purl":"pkg:npm/swagger-ui@2.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/52843?format=json","purl":"pkg:npm/swagger-ui@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gdhu-jxfv-k7a9"},{"vulnerability":"VCID-h64t-4k96-h7d4"},{"vulnerability":"VCID-mpx5-7r4y-77a9"},{"vulnerability":"VCID-wfzu-tsmb-nqf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"}],"aliases":["GHSA-w992-2gmj-9xxj","GMS-2020-787"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvuf-t6m7-fuhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52988?format=json","vulnerability_id":"VCID-mjr2-z5x4-e3bs","summary":"Cross-Site Scripting in swagger-ui\nAffected versions of `swagger-ui` are vulnerable to cross-site scripting via the `url` query string parameter.\n\n\n## Recommendation\n\nUpdate to 2.2.1 or later.","references":[{"reference_url":"https://github.com/swagger-api/swagger-ui","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui"},{"reference_url":"https://github.com/swagger-api/swagger-ui/commit/a1aea70f2c64533bf053a41d4da5a8accd0117b7","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/commit/a1aea70f2c64533bf053a41d4da5a8accd0117b7"},{"reference_url":"https://github.com/swagger-api/swagger-ui/issues/1617","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/issues/1617"},{"reference_url":"https://www.npmjs.com/advisories/137","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/137"},{"reference_url":"https://github.com/advisories/GHSA-g336-c7wv-8hp3","reference_id":"GHSA-g336-c7wv-8hp3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g336-c7wv-8hp3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6580?format=json","purl":"pkg:npm/swagger-ui@2.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/52843?format=json","purl":"pkg:npm/swagger-ui@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gdhu-jxfv-k7a9"},{"vulnerability":"VCID-h64t-4k96-h7d4"},{"vulnerability":"VCID-mpx5-7r4y-77a9"},{"vulnerability":"VCID-wfzu-tsmb-nqf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"}],"aliases":["GHSA-g336-c7wv-8hp3","GMS-2020-784"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mjr2-z5x4-e3bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53561?format=json","vulnerability_id":"VCID-mpx5-7r4y-77a9","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.","references":[{"reference_url":"https://github.com/swagger-api/swagger-ui","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui"},{"reference_url":"https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e"},{"reference_url":"https://github.com/swagger-api/swagger-ui/pull/5190","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/pull/5190"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921"},{"reference_url":"https://www.npmjs.com/advisories/976","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/976"},{"reference_url":"https://github.com/advisories/GHSA-4f9m-pxwh-68hg","reference_id":"GHSA-4f9m-pxwh-68hg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4f9m-pxwh-68hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78617?format=json","purl":"pkg:npm/swagger-ui@3.20.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gdhu-jxfv-k7a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.20.9"}],"aliases":["GHSA-4f9m-pxwh-68hg","GMS-2020-782"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mpx5-7r4y-77a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30542?format=json","vulnerability_id":"VCID-r28p-re5d-uya7","summary":"XSS via Content-type header\nBy using a malicious server which returns script as the value of the Content-Type header, it is possible to execute arbitrary code using the demonstration capabilities of Swagger-UI.","references":[{"reference_url":"https://github.com/swagger-api/swagger-ui","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui"},{"reference_url":"https://github.com/swagger-api/swagger-ui/commit/331d2be070d89162aa3174a8773ae4a0093f78bc","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/commit/331d2be070d89162aa3174a8773ae4a0093f78bc"},{"reference_url":"https://github.com/swagger-api/swagger-ui/issues/1863","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/issues/1863"},{"reference_url":"https://www.npmjs.com/advisories/131","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/131"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/131.json","reference_id":"131","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/131.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000233","reference_id":"CVE-2016-1000233","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000233"},{"reference_url":"https://github.com/advisories/GHSA-mrx7-8hxf-f853","reference_id":"GHSA-mrx7-8hxf-f853","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mrx7-8hxf-f853"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6578?format=json","purl":"pkg:npm/swagger-ui@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hsn-22rw-7kay"},{"vulnerability":"VCID-5918-w4jq-rka8"},{"vulnerability":"VCID-fc6y-84x3-8bgu"},{"vulnerability":"VCID-gdhu-jxfv-k7a9"},{"vulnerability":"VCID-h64t-4k96-h7d4"},{"vulnerability":"VCID-hvuf-t6m7-fuhh"},{"vulnerability":"VCID-mjr2-z5x4-e3bs"},{"vulnerability":"VCID-mpx5-7r4y-77a9"},{"vulnerability":"VCID-r28p-re5d-uya7"},{"vulnerability":"VCID-wfzu-tsmb-nqf1"},{"vulnerability":"VCID-znja-a329-yyh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/6580?format=json","purl":"pkg:npm/swagger-ui@2.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/52843?format=json","purl":"pkg:npm/swagger-ui@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gdhu-jxfv-k7a9"},{"vulnerability":"VCID-h64t-4k96-h7d4"},{"vulnerability":"VCID-mpx5-7r4y-77a9"},{"vulnerability":"VCID-wfzu-tsmb-nqf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"}],"aliases":["CVE-2016-1000233","GHSA-mrx7-8hxf-f853","GMS-2020-785"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r28p-re5d-uya7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38174?format=json","vulnerability_id":"VCID-uyf1-htgj-6bdp","summary":"XSS in key names\nSwagger-ui contains a cross site scripting (XSS) vulnerability in the key names for the following object path in the JSON document: `.definitions.{USER_DEFINED}.properties.{INJECTABLE_KEY_NAME}`. Supplying a key name with script tags causes arbitrary code execution. In addition it is possible to load the arbitrary JSON files remotely via the `URL` query-string parameter.","references":[{"reference_url":"https://en.wikipedia.org/wiki/Content_Security_Policy","reference_id":"","reference_type":"","scores":[],"url":"https://en.wikipedia.org/wiki/Content_Security_Policy"},{"reference_url":"https://github.com/swagger-api/swagger-ui/issues/1865","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/swagger-api/swagger-ui/issues/1865"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52843?format=json","purl":"pkg:npm/swagger-ui@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gdhu-jxfv-k7a9"},{"vulnerability":"VCID-h64t-4k96-h7d4"},{"vulnerability":"VCID-mpx5-7r4y-77a9"},{"vulnerability":"VCID-wfzu-tsmb-nqf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"}],"aliases":["GMS-2016-45"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyf1-htgj-6bdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53594?format=json","vulnerability_id":"VCID-wfzu-tsmb-nqf1","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.","references":[{"reference_url":"https://github.com/swagger-api/swagger-ui","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui"},{"reference_url":"https://github.com/swagger-api/swagger-ui/issues/3163","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/issues/3163"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941"},{"reference_url":"https://www.npmjs.com/advisories/985","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/985"},{"reference_url":"https://github.com/advisories/GHSA-388g-jwpg-x6j4","reference_id":"GHSA-388g-jwpg-x6j4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-388g-jwpg-x6j4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78655?format=json","purl":"pkg:npm/swagger-ui@3.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gdhu-jxfv-k7a9"},{"vulnerability":"VCID-h64t-4k96-h7d4"},{"vulnerability":"VCID-mpx5-7r4y-77a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.0.13"}],"aliases":["GHSA-388g-jwpg-x6j4","GMS-2020-781"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wfzu-tsmb-nqf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53571?format=json","vulnerability_id":"VCID-znja-a329-yyh9","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in swagger-ui.","references":[{"reference_url":"https://github.com/swagger-api/swagger-ui","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui"},{"reference_url":"https://github.com/swagger-api/swagger-ui/issues/1154","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/swagger-api/swagger-ui/issues/1154"},{"reference_url":"https://www.npmjs.com/advisories/987","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/987"},{"reference_url":"https://github.com/advisories/GHSA-22q9-hqm5-mhmc","reference_id":"GHSA-22q9-hqm5-mhmc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-22q9-hqm5-mhmc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6580?format=json","purl":"pkg:npm/swagger-ui@2.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/52843?format=json","purl":"pkg:npm/swagger-ui@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gdhu-jxfv-k7a9"},{"vulnerability":"VCID-h64t-4k96-h7d4"},{"vulnerability":"VCID-mpx5-7r4y-77a9"},{"vulnerability":"VCID-wfzu-tsmb-nqf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.2.2"}],"aliases":["GHSA-22q9-hqm5-mhmc","GMS-2020-780"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znja-a329-yyh9"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@2.0.24"}