Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-3v8v-mvbs-rkhu
Vulnerability ID VCID-3v8v-mvbs-rkhu
Aliases GHSA-qrmm-w75w-3wpx
GMS-2021-188
GMS-2021-327
GMS-2021-44
GMS-2021-470
Summary Server side request forgery in SwaggerUI
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-918 Server-Side Request Forgery (SSRF)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
System Score Found at
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-qrmm-w75w-3wpx
generic_textual MODERATE https://github.com/domaindrivendev/Swashbuckle.AspNetCore/commit/401c7cb81e5efe835ceb8aae23e82057d57c7d29
generic_textual MODERATE https://github.com/swagger-api/swagger-ui
generic_textual MODERATE https://github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76
generic_textual MODERATE https://github.com/swagger-api/swagger-ui/issues/4872
cvssv3.1_qr MODERATE https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx
generic_textual MODERATE https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx
Reference id Reference type URL
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/commit/401c7cb81e5efe835ceb8aae23e82057d57c7d29
https://github.com/swagger-api/swagger-ui
https://github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76
GHSA-qrmm-w75w-3wpx https://github.com/advisories/GHSA-qrmm-w75w-3wpx
GHSA-qrmm-w75w-3wpx https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx
No exploits are available.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-11T20:27:15.738225+00:00 GHSA Importer Import https://github.com/advisories/GHSA-qrmm-w75w-3wpx 38.6.0