Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/swagger-ui@3.0.3

Type npm

Namespace

Name swagger-ui

Version 3.0.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.1.3

Latest_non_vulnerable_version 4.1.3

Affected_by_vulnerabilities

url VCID-3v8v-mvbs-rkhu

vulnerability_id VCID-3v8v-mvbs-rkhu

summary Server side request forgery in SwaggerUI

references

reference_url

https://github.com/domaindrivendev/Swashbuckle.AspNetCore/commit/401c7cb81e5efe835ceb8aae23e82057d57c7d29

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/domaindrivendev/Swashbuckle.AspNetCore/commit/401c7cb81e5efe835ceb8aae23e82057d57c7d29

reference_url

https://github.com/swagger-api/swagger-ui

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui

reference_url

https://github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76

reference_url

https://github.com/advisories/GHSA-qrmm-w75w-3wpx

reference_id

GHSA-qrmm-w75w-3wpx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qrmm-w75w-3wpx

reference_url

https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx

reference_id

GHSA-qrmm-w75w-3wpx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx

fixed_packages

url	pkg:npm/swagger-ui@4.1.3
purl	pkg:npm/swagger-ui@4.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@4.1.3

aliases GHSA-qrmm-w75w-3wpx, GMS-2021-188, GMS-2021-327, GMS-2021-44, GMS-2021-470

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3v8v-mvbs-rkhu

url VCID-4a5e-u6eu-a7g1

vulnerability_id VCID-4a5e-u6eu-a7g1

summary Cross-Site Scripting in swagger-ui

references

reference_url

https://github.com/swagger-api/swagger-ui

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui

reference_url

https://github.com/swagger-api/swagger-ui/issues/3163

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui/issues/3163

reference_url

https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941

reference_url

https://www.npmjs.com/advisories/985

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/985

reference_url

https://github.com/advisories/GHSA-388g-jwpg-x6j4

reference_id

GHSA-388g-jwpg-x6j4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-388g-jwpg-x6j4

fixed_packages

url pkg:npm/swagger-ui@3.0.13

purl pkg:npm/swagger-ui@3.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3v8v-mvbs-rkhu

vulnerability	VCID-e33g-ayx5-rffp

vulnerability	VCID-ha7j-575w-c7eu

vulnerability	VCID-jqwv-yhzm-gke8

vulnerability	VCID-n2b6-kqqb-c7hy

vulnerability	VCID-zn7g-cnwj-fud3

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.0.13

aliases GHSA-388g-jwpg-x6j4, GMS-2020-781

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4a5e-u6eu-a7g1

url VCID-e33g-ayx5-rffp

vulnerability_id VCID-e33g-ayx5-rffp

summary Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-25031

reference_id

reference_type

scores

value	0.8042
scoring_system	epss
scoring_elements	0.99155
published_at	2026-06-13T12:55:00Z

value	0.8042
scoring_system	epss
scoring_elements	0.99152
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-25031

reference_url

https://github.com/swagger-api/swagger-ui

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui

reference_url

https://github.com/swagger-api/swagger-ui/pull/7697

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui/pull/7697

reference_url

https://security.netapp.com/advisory/ntap-20220407-0004

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220407-0004

reference_url

https://github.com/swagger-api/swagger-ui/issues/4872

reference_id

4872

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:12:25Z/

url

https://github.com/swagger-api/swagger-ui/issues/4872

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-25031

reference_id

CVE-2018-25031

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-25031

reference_url

https://github.com/advisories/GHSA-cr3q-pqgq-m8c2

reference_id

GHSA-cr3q-pqgq-m8c2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cr3q-pqgq-m8c2

reference_url

https://security.netapp.com/advisory/ntap-20220407-0004/

reference_id

ntap-20220407-0004

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:12:25Z/

url

https://security.netapp.com/advisory/ntap-20220407-0004/

reference_url

https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885

reference_id

SNYK-JS-SWAGGERUI-2314885

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:12:25Z/

url

https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885

reference_url

https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3

reference_id

v4.1.3

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:12:25Z/

url

https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3

fixed_packages

url	pkg:npm/swagger-ui@4.1.3
purl	pkg:npm/swagger-ui@4.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@4.1.3

aliases CVE-2018-25031, GHSA-cr3q-pqgq-m8c2

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e33g-ayx5-rffp

url VCID-ha7j-575w-c7eu

vulnerability_id VCID-ha7j-575w-c7eu

summary Cross-site scripting in Swagger-UI

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17495

reference_id

reference_type

scores

value	0.11565
scoring_system	epss
scoring_elements	0.93802
published_at	2026-06-11T12:55:00Z

value	0.11565
scoring_system	epss
scoring_elements	0.93828
published_at	2026-06-13T12:55:00Z

value	0.11565
scoring_system	epss
scoring_elements	0.93823
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17495

reference_url

https://github.com/springfox/springfox/commit/26f72f0d16b166e12c20255a4ee907dc10685cf8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/springfox/springfox/commit/26f72f0d16b166e12c20255a4ee907dc10685cf8

reference_url

https://github.com/swagger-api/swagger-ui

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui

reference_url

https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11

reference_url

https://github.com/tarantula-team/CSS-injection-in-Swagger-UI

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/tarantula-team/CSS-injection-in-Swagger-UI

reference_url

https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91@%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf@%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r84b327f7a8b6b28857b906c07a66dd98e1d341191fa8d7816514ef96@%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r853ffeb915a400f899de78124d4e0d77a19379d2e11bf8f4e98c624f@%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ref70b940c4f69560d29d6ba792d6c82865e74de3dcad4c92d99b1f8f@%3Ccommits.airflow.apache.org%3E

reference_url

https://security.snyk.io/vuln/maven?search=CVE-2019-17495

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/maven?search=CVE-2019-17495

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-17495

reference_id

CVE-2019-17495

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-17495

reference_url

https://github.com/advisories/GHSA-c427-hjc3-wrfw

reference_id

GHSA-c427-hjc3-wrfw

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c427-hjc3-wrfw

fixed_packages

url pkg:npm/swagger-ui@3.23.11

purl pkg:npm/swagger-ui@3.23.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3v8v-mvbs-rkhu

vulnerability	VCID-e33g-ayx5-rffp

vulnerability	VCID-zn7g-cnwj-fud3

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.23.11

aliases CVE-2019-17495, GHSA-c427-hjc3-wrfw

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ha7j-575w-c7eu

url VCID-jqwv-yhzm-gke8

vulnerability_id VCID-jqwv-yhzm-gke8

summary Reverse Tabnapping in swagger-ui

references

reference_url

https://github.com/swagger-api/swagger-ui/commit/3f4cae3334fdd492a373f4453bd03a9ebd87becf

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui/commit/3f4cae3334fdd492a373f4453bd03a9ebd87becf

reference_url

https://github.com/swagger-api/swagger-ui/pull/4789

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui/pull/4789

reference_url

https://github.com/swagger-api/swagger-ui/releases/tag/v3.18.0

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui/releases/tag/v3.18.0

reference_url

https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808

reference_url

https://www.npmjs.com/advisories/975

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/975

reference_url

https://github.com/advisories/GHSA-x9p2-fxq6-2m5f

reference_id

GHSA-x9p2-fxq6-2m5f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x9p2-fxq6-2m5f

fixed_packages

url pkg:npm/swagger-ui@3.18.0

purl pkg:npm/swagger-ui@3.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3v8v-mvbs-rkhu

vulnerability	VCID-e33g-ayx5-rffp

vulnerability	VCID-ha7j-575w-c7eu

vulnerability	VCID-n2b6-kqqb-c7hy

vulnerability	VCID-zn7g-cnwj-fud3

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.18.0

aliases GHSA-x9p2-fxq6-2m5f, GMS-2019-143

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqwv-yhzm-gke8

url VCID-n2b6-kqqb-c7hy

vulnerability_id VCID-n2b6-kqqb-c7hy

summary Cross-Site Scripting in swagger-ui

references

reference_url

https://github.com/swagger-api/swagger-ui

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui

reference_url

https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e

reference_url

https://github.com/swagger-api/swagger-ui/pull/5190

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui/pull/5190

reference_url

https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921

reference_url	https://www.npmjs.com/advisories/976
reference_id
reference_type
scores
url	https://www.npmjs.com/advisories/976

reference_url

https://github.com/advisories/GHSA-4f9m-pxwh-68hg

reference_id

GHSA-4f9m-pxwh-68hg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4f9m-pxwh-68hg

fixed_packages

url pkg:npm/swagger-ui@3.20.9

purl pkg:npm/swagger-ui@3.20.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3v8v-mvbs-rkhu

vulnerability	VCID-e33g-ayx5-rffp

vulnerability	VCID-ha7j-575w-c7eu

vulnerability	VCID-zn7g-cnwj-fud3

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.20.9

aliases GHSA-4f9m-pxwh-68hg, GMS-2020-782

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2b6-kqqb-c7hy

url VCID-zn7g-cnwj-fud3

vulnerability_id VCID-zn7g-cnwj-fud3

summary Spoofing attack in swagger-ui-dist

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-46708

reference_id

reference_type

scores

value	0.00286
scoring_system	epss
scoring_elements	0.52536
published_at	2026-06-12T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52408
published_at	2026-06-11T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52549
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-46708

reference_url

https://github.com/swagger-api/swagger-ui

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/swagger-api/swagger-ui

reference_url

https://security.netapp.com/advisory/ntap-20220407-0004

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220407-0004

reference_url

https://security.snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884

reference_url

https://www.npmjs.com/package/swagger-ui-dist/v/4.1.3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/swagger-ui-dist/v/4.1.3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-46708

reference_id

CVE-2021-46708

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-46708

reference_url

https://github.com/advisories/GHSA-6c9x-mj3g-h47x

reference_id

GHSA-6c9x-mj3g-h47x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6c9x-mj3g-h47x

fixed_packages

url	pkg:npm/swagger-ui@4.1.3
purl	pkg:npm/swagger-ui@4.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@4.1.3

aliases CVE-2021-46708, GHSA-6c9x-mj3g-h47x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zn7g-cnwj-fud3

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/swagger-ui@3.0.3

Package Instance