Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Vulnerabilities
| Vulnerability |
Severity |
CVSS |
Dependency |
Type |
Fixed in (swagger-ui version) |
Remediation Possible** |
| CVE-2019-17495 |
Critical |
9.8 |
swagger-ui-2.1.2.min.js |
Direct |
swagger-ui - 3.23.11, io.springfox:springfox-swagger-ui:2.10.0 |
❌ |
| WS-2016-0034 |
High |
7.3 |
swagger-ui-2.1.2.min.js |
Direct |
zfcampus/zf-apigility-documentation-swagger - 1.3.0,rich2k/l5-swagger - 3.x-dev,digitalunited/wp-elastic-api - v0.1.3,vsmoraes/swagger-ui-bundle - no_fix,servicestack.api.swagger - 4.0.8,steamuloabeaujou/api-platform - v2.0.0-rc.1,pleio/pleio_rest - no_fix,keeko/developer-app - v0.2,mahmoodbabaei/etribes-code-challenge - no_fix,kizi/easyminer-easyminercenter - v2.0,helingfeng/l5-swagger - 3.x-dev,luracast/restler - 4.0.0,sjje/swaggervel - dev-master,firdaushatta/l5-swagger - 3.2,luracast/restler - 5.0.6,hadeswang/jlapp-swaggervel - 1.0.x-dev,zfcampus/zf-apigility-documentation-swagger - dev-master,imjarek/laravel-swagger - 3.x-dev,juzaweb/l5-swagger - 3.x-dev,pharmit/swaggervel - 1.0.x-dev,rich2k/l5-swagger - 3.2,libgraviton/swagger-ui - v1.0,dreamfactory/app-admin - no_fix,swagger-ui - 2.1.5,digitalunited/wp-elastic-api - v0.1.2,hasangilak/l5-swagger - 3.x-dev,mymdz/l5-swagger - 3.x-dev,swagger-ui - 2.1.5,davigs/swagger-lume - 2.0,dandisy/webcore-base - no_fix,dolibarr/dolibarr - 9.0.0,activelamp/swagger-ui-bundle - dev-nelmio_integration,swagger-ui - 2.0.3,digitalunited/wp-elastic-api - v0.1.4,cr3a7ure/core - 2.1.x-dev,servicestack.api.swagger.signed - 4.0.35,bluzphp/skeleton - 2.0.2,servicestack.api.swagger - 4.0.35,hos/hos-framework - no_fix,damian-nz/l5-swagger - dev-master,restler/framework - 3.0.0-RC1,dandisy/adminlte-templates - 1.2.2,visiosoft/l5-swagger - 3.x-dev,odn.swagger.net - no_fix,vjeantet/silex-simple-rest-swagger - no_fix,smskin/l5-swagger - 3.2,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,dandisy/webcore - 1.0.6,restler/framework - 5.0.6,hasangilak/l5-swagger - 3.2,api-platform/core - v2.0.0-rc.1,pmvc-app/swagger_ui - no_fix,jessekoska/swagger-lume - v2.0.24,iwanli/laravel5-swagger - no_fix,dreamfactory/app-admin - 1.0.4,firdaushatta/l5-swagger - 3.x-dev,fxmonster/l5-swagger - 3.x-dev,dennis1804/iq-swagger - no_fix,restler/framework - 4.0.0,yaangvu/swagger-lume - 2.0,folksyfolks/l5-swagger - 3.1.4,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,dandisy/laravel-generator - 1.0.0,dandisy/webcore-base - 1.0.0,alexmaramaldo/swaggervel-2 - no_fix,ernestoponce/slimproject - no_fix,luracast/restler - 2.2.0,sergeyfast/eazy-jsonrpc - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,imjarek/laravel-swagger - 3.2,jinsoft/laravel-swagger - no_fix,kbrabrand/silex-swagger-ui - no_fix,sergeyfast/eazy-jsonrpc - v1.0,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,swagger-ui - 2.0.3,helingfeng/l5-swagger - 3.2,jjdoor/swagger-lume - 2.0,jlapp/swaggervel - 1.0.x-dev,nservicekit.api.swagger - no_fix,jym.identityserver.swagger - no_fix,smskin/l5-swagger - 3.x-dev,fxmonster/l5-swagger - 3.2,rodchyn/api-platform-core - v2.0.0-rc.1,restler/framework - 5.07,openrastaswagger - 1.0.3.21,fmarmo/swagger-lume - 2.0,v2.1.5,ci-blox/ignition-go - 1.0.0-beta.1,luracast/restler - 1.0.20,digitalunited/wp-elastic-api - v0.1,juzaweb/l5-swagger - 3.2,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,riverslei/laravel-swagger - no_fix,dandisy/laravel-generator - 1.2.7,damian-nz/l5-swagger - 3.2,damian-nz/l5-swagger - 2.0.x-dev,mymdz/l5-swagger - 3.2,luracast/restler - 5.07 |
❌ |
| CVE-2016-1000226 |
High |
7.3 |
swagger-ui-2.1.2.min.js |
Direct |
swagger-ui - 2.2.1 |
❌ |
| WS-2019-0172 |
Medium |
6.5 |
swagger-ui-2.1.2.min.js |
Direct |
swagger-ui - 3.20.9,swagger-api/swagger-ui - v/3.18.0,swagger-ui - 3.20.9,kevupton/auto-swagger-ui - v0.0.1,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/dompurify-3.0.8,zhaojunlike/think-swagger - 1.0.0,esandri/swagger-ui-big - v2.0.0,swagger-api/swagger-ui - dev-fix/xml-oneOf,swagger-api/swagger-ui - dev-issue-5148,dreamfactory/df-swagger-ui - 3.3.1,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/babel/runtime-corejs3-7.22.3,westhack/think-swagger - no_fix,3.20.9,swagger-api/swagger-ui - 3.3.1,swagger-api/swagger-ui - dev-fix-null-value-parsing,dreamfactory/df-swagger-ui - 0.2.0,dreamfactory/df-swagger-ui - v1.0,swagger-api/swagger-ui - dev-facelift,esandri/swagger-ui-big - v3.0.0,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/mocha-9.0.2,swagger-api/swagger-ui - v3.20.9,esandri/swagger-ui-big - no_fix,westhack/think-swagger - 1.0.0,kevupton/auto-swagger-ui - no_fix |
❌ |
| CVE-2016-1000233 |
Medium |
6.5 |
swagger-ui-2.1.2.min.js |
Direct |
2.2.1 |
❌ |
| WS-2019-0236 |
Medium |
6.1 |
swagger-ui-2.1.2.min.js |
Direct |
swagger-ui - 3.0.13,swagger-ui - 3.0.13 |
❌ |
| WS-2019-0235 |
Medium |
6.1 |
swagger-ui-2.1.2.min.js |
Direct |
swagger-ui - 2.2.0,swagger-ui - 2.2.0 |
❌ |
| WS-2019-0234 |
Medium |
6.1 |
swagger-ui-2.1.2.min.js |
Direct |
2.2.1,rich2k/l5-swagger - 5.0,raftx24/l5-swagger - 4.0.1,swagger-ui - 2.2.2,mreko/l5-swagger - v2.0,pleio/pleio_rest - no_fix,restler/framework - 3.0.0-RC1,folksyfolks/l5-swagger - 2.1,servicestack.api.swagger - 4.0.8,imikemiller/l5-swagger-redoc - 3.0.1,kbrabrand/silex-swagger-ui - no_fix,dandisy/laravel-generator - 1.0.0,hos/hos-framework - no_fix,fxmonster/l5-swagger - 5.0,vswashbuckle.core - 1.0.1,servicestack.api.swagger - 4.0.35,folksyfolks/l5-swagger - 3.1.4,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,odn.swagger.net - no_fix,sergeyfast/eazy-jsonrpc - no_fix,pharmit/swaggervel - 1.0.x-dev,digitalunited/wp-elastic-api - v0.1,damian-nz/l5-swagger - dev-master,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,flask-apispec - 0.7.0,cromwell - 0.30,digitalunited/wp-elastic-api - v0.1.3,jjdoor/swagger-lume - 2.0,luracast/restler - 4.0.0,dhawton/l5-swagger-redoc - 3.0.1,ernestoponce/slimproject - no_fix,luracast/restler - 5.07,cr3a7ure/core - no_fix,dhawton/l5-swagger-redoc - 4.0.1,dreamfactory/app-admin - no_fix,nservicekit.api.swagger - no_fix,flask-apispec - 0.4.0,keeko/developer-app - v0.2,juzaweb/l5-swagger - 5.0,fmarmo/swagger-lume - 2.0,alexmaramaldo/swaggervel-2 - no_fix,openrastaswagger - 1.0.3.21,dennis1804/iq-swagger - no_fix,zfcampus/zf-apigility-documentation-swagger - 1.3.0,dandisy/webcore-base - no_fix,digitalunited/wp-elastic-api - v0.1.2,sergeyfast/eazy-jsonrpc - v1.0,firdaushatta/l5-swagger - 5.0,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,raftx24/l5-swagger - 3.0.1,vjeantet/silex-simple-rest-swagger - no_fix,luracast/restler - 1.0.20,hasangilak/l5-swagger - 5.0,davigs/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.5.12,iwanli/laravel5-swagger - no_fix,dandisy/laravel-generator - 1.2.7,jlapp/swaggervel - 1.0.x-dev,jym.identityserver.swagger - no_fix,pmvc-app/swagger_ui - no_fix,kizi/easyminer-easyminercenter - v2.0,mreko/l5-swagger - 3.0.1,raftx24/l5-swagger - v2.0,dandisy/webcore - 1.0.6,dandisy/adminlte-templates - 1.2.2,steamuloabeaujou/api-platform - v2.0.0-rc.1,dreamfactory/app-admin - 1.0.4,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,flask-apispec - 0.4.0,hadeswang/jlapp-swaggervel - 1.0.x-dev,luracast/restler - 2.2.0,smskin/l5-swagger - 5.0,luracast/restler - 5.0.6,gajendrajain20/laravel-pioneer-cms - no_fix,digitalunited/wp-elastic-api - v0.1.4,darkaonline/l5-swagger - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,open-resource-manager/core - no_fix,servicestack.api.swagger - 4.5.12,libgraviton/swagger-ui - v1.0,helingfeng/l5-swagger - 5.0,cr3a7ure/core - dev-docminor,restler/framework - 5.0.6,darkaonline/l5-swagger - 3.0.1,rodchyn/api-platform-core - v2.0.0-rc.1,kubotak-is/l5-swagger - 4.0.1,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,latrell/swagger - 1.0.2,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,imjarek/laravel-swagger - 5.0,servicestack.api.swagger.signed - 4.0.35,mreko/l5-swagger - 4.0.1,dolibarr/dolibarr - 9.0.0,mahmoodbabaei/etribes-code-challenge - no_fix,mymdz/l5-swagger - 5.0,bluzphp/skeleton - 2.0.2,kubotak-is/l5-swagger - v2.0,visiosoft/l5-swagger - 3.x-dev,yaangvu/swagger-lume - 2.0,damian-nz/l5-swagger - 3.2,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,restler/framework - 4.0.0,jessekoska/swagger-lume - v2.0.24,zfcampus/zf-apigility-documentation-swagger - dev-master,flask-apispec - 0.7.0,api-platform/core - v2.0.0-rc.1,vsmoraes/swagger-ui-bundle - no_fix,activelamp/swagger-ui-bundle - dev-nelmio_integration,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,swagger-ui - 2.2.2,imikemiller/l5-swagger-redoc - v2.0,dhawton/l5-swagger-redoc - v2.0,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,sjje/swaggervel - dev-master,ci-blox/ignition-go - 1.0.0-beta.1,kubotak-is/l5-swagger - 3.0.1,riverslei/laravel-swagger - no_fix,dandisy/webcore-base - 1.0.0,jinsoft/laravel-swagger - no_fix,restler/framework - 5.07 |
❌ |
| CVE-2016-5682 |
Medium |
6.1 |
swagger-ui-2.1.2.min.js |
Direct |
swagger-ui - 2.2.1 |
❌ |
| CVE-2016-1000239 |
Medium |
6.1 |
swagger-ui-2.1.2.min.js |
Direct |
2.2.1,gajendrajain20/laravel-pioneer-cms - no_fix,pharmit/swaggervel - 1.0.x-dev,dreamfactory/df-api-docs-ui - 1.1.0,swagger-ui - 2.2.2,dhawton/l5-swagger-redoc - v2.0,kizi/easyminer-easyminercenter - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,hos/hos-framework - no_fix,ernestoponce/slimproject - no_fix,api-platform/core - v2.0.0-rc.1,sjje/swaggervel - dev-master,dhawton/l5-swagger-redoc - 3.0.1,dreamfactory/app-admin - 1.0.4,swagger-ui - 2.2.2,folksyfolks/l5-swagger - 2.1,dreamfactory/app-admin - no_fix,yaangvu/swagger-lume - 2.0,dennis1804/iq-swagger - no_fix,open-resource-manager/core - no_fix,latrell/swagger - 1.0.2,smskin/l5-swagger - 5.0,damian-nz/l5-swagger - dev-master,digitalunited/wp-elastic-api - v0.1.2,raftx24/l5-swagger - 3.0.1,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,dandisy/laravel-generator - 1.0.0,firdaushatta/l5-swagger - 5.0,mymdz/l5-swagger - 5.0,jym.identityserver.swagger - no_fix,darkaonline/l5-swagger - 3.0.1,digitalunited/wp-elastic-api - v0.1.4,vjeantet/silex-simple-rest-swagger - no_fix,rich2k/l5-swagger - 5.0,servicestack.api.swagger - 4.5.12,digitalunited/wp-elastic-api - v0.1,jjdoor/swagger-lume - 2.0,servicestack.api.swagger - 4.0.8,ci-blox/ignition-go - 1.0.0-beta.1,dandisy/webcore - 1.0.6,kbrabrand/silex-swagger-ui - no_fix,damian-nz/l5-swagger - 3.2,hadeswang/jlapp-swaggervel - 1.0.x-dev,keeko/developer-app - v0.2,dreamfactory/df-swagger-ui - 0.4.0,pmvc-app/swagger_ui - no_fix,hasangilak/l5-swagger - 5.0,servicestack.api.swagger - 4.0.35,darkaonline/l5-swagger - v2.0,alexmaramaldo/swaggervel-2 - no_fix,raftx24/l5-swagger - v2.0,sergeyfast/eazy-jsonrpc - no_fix,dhawton/l5-swagger-redoc - 4.0.1,imikemiller/l5-swagger-redoc - 3.0.1,zfcampus/zf-apigility-documentation-swagger - 1.3.0,zfcampus/zf-apigility-documentation-swagger - dev-master,dandisy/webcore-base - 1.0.0,helingfeng/l5-swagger - 5.0,kubotak-is/l5-swagger - v2.0,fxmonster/l5-swagger - 5.0,kubotak-is/l5-swagger - 3.0.1,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,odn.swagger.net - no_fix,nservicekit.api.swagger - no_fix,jinsoft/laravel-swagger - no_fix,dreamfactory/df-swagger-ui - no_fix,libgraviton/swagger-ui - v1.0,flask-apispec - 0.7.0,flask-apispec - 0.7.0,juzaweb/l5-swagger - 5.0,dandisy/adminlte-templates - 1.2.2,cr3a7ure/core - no_fix,dandisy/laravel-generator - 1.2.7,fmarmo/swagger-lume - 2.0,sergeyfast/eazy-jsonrpc - v1.0,raftx24/l5-swagger - 4.0.1,flask-apispec - 0.4.0,folksyfolks/l5-swagger - 3.1.4,jlapp/swaggervel - 1.0.x-dev,cromwell - 0.30,iwanli/laravel5-swagger - no_fix,davigs/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.0.35,imjarek/laravel-swagger - 5.0,activelamp/swagger-ui-bundle - dev-nelmio_integration,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,pleio/pleio_rest - no_fix,dandisy/webcore-base - no_fix,cr3a7ure/core - dev-docminor,openrastaswagger - 1.0.3.21,rodchyn/api-platform-core - v2.0.0-rc.1,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,mahmoodbabaei/etribes-code-challenge - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,govtnz/swagger-ui - v1.0,mreko/l5-swagger - 3.0.1,bluzphp/skeleton - 2.0.2,jessekoska/swagger-lume - v2.0.24,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,riverslei/laravel-swagger - no_fix,kubotak-is/l5-swagger - 4.0.1,digitalunited/wp-elastic-api - v0.1.3,mreko/l5-swagger - 4.0.1,steamuloabeaujou/api-platform - v2.0.0-rc.1,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,imikemiller/l5-swagger-redoc - v2.0,flask-apispec - 0.4.0,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,visiosoft/l5-swagger - 3.x-dev,mreko/l5-swagger - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,servicestack.api.swagger.signed - 4.5.12,vsmoraes/swagger-ui-bundle - no_fix |
❌ |
| CVE-2016-1000229 |
Medium |
6.1 |
swagger-ui-2.1.2.min.js |
Direct |
2.2.1 |
❌ |
| WS-2017-0143 |
Medium |
5.4 |
swagger-ui-2.1.2.min.js |
Direct |
2.2.3,digitalunited/wp-elastic-api - v0.1,rich2k/l5-swagger - 5.0,open-resource-manager/core - no_fix,dolibarr/dolibarr - 9.0.0,fxmonster/l5-swagger - 5.0,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,openrastaswagger - 1.0.3.21,dreamfactory/df-swagger-ui - 0.4.0,digitalunited/wp-elastic-api - v0.1.3,dandisy/webcore-base - 1.0.0,yaangvu/swagger-lume - 2.0,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,smskin/l5-swagger - 5.0,luracast/restler - 2.2.0,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,restler/framework - 5.0.6,swagger-ui - 2.0.3,darkaonline/l5-swagger - 3.0.1,firdaushatta/l5-swagger - 5.0,raftx24/l5-swagger - 4.0.1,riverslei/laravel-swagger - no_fix,dandisy/webcore-base - no_fix,activelamp/swagger-ui-bundle - dev-nelmio_integration,dhawton/l5-swagger-redoc - v2.0,folksyfolks/l5-swagger - 3.1.4,pleio/pleio_rest - no_fix,odn.swagger.net - no_fix,digitalunited/wp-elastic-api - v0.1.4,servicestack.api.swagger - 4.0.8,visiosoft/l5-swagger - 3.x-dev,rodchyn/api-platform-core - v2.0.0-rc.1,vswashbuckle.core - 1.0.1,imjarek/laravel-swagger - 5.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,libgraviton/swagger-ui - v1.0,jlapp/swaggervel - 1.0.x-dev,luracast/restler - 5.07,swagger-ui - 2.0.3,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,zfcampus/zf-apigility-documentation-swagger - dev-master,latrell/swagger - 1.0.2,servicestack.api.swagger.signed - 4.5.12,swagger-ui - 2.2.3,hasangilak/l5-swagger - 5.0,helingfeng/l5-swagger - 5.0,zfcampus/zf-apigility-documentation-swagger - 1.3.0,bluzphp/skeleton - 2.0.2,jjdoor/swagger-lume - 2.0,luracast/restler - 4.0.0,luracast/restler - 5.0.6,kbrabrand/silex-swagger-ui - no_fix,api-platform/core - v2.0.0-rc.1,fmarmo/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.0.35,dreamfactory/df-api-docs-ui - 1.1.0,kizi/easyminer-easyminercenter - v2.0,vsmoraes/swagger-ui-bundle - no_fix,dreamfactory/app-admin - 1.0.4,gajendrajain20/laravel-pioneer-cms - no_fix,swagger-api/swagger-ui - v2.2.3,dandisy/webcore - 1.0.6,sergeyfast/eazy-jsonrpc - v1.0,cr3a7ure/core - dev-docminor,kubotak-is/l5-swagger - 4.0.1,luracast/restler - 1.0.20,folksyfolks/l5-swagger - 2.1,raftx24/l5-swagger - v2.0,kubotak-is/l5-swagger - 3.0.1,mreko/l5-swagger - 4.0.1,mymdz/l5-swagger - 5.0,vjeantet/silex-simple-rest-swagger - no_fix,mreko/l5-swagger - 3.0.1,dreamfactory/df-swagger-ui - no_fix,govtnz/swagger-ui - v1.0,ci-blox/ignition-go - 1.0.0-beta.1,hos/hos-framework - no_fix,pmvc-app/swagger_ui - no_fix,ernestoponce/slimproject - no_fix,jinsoft/laravel-swagger - no_fix,jym.identityserver.swagger - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,steamuloabeaujou/api-platform - v2.0.0-rc.1,iwanli/laravel5-swagger - no_fix,davigs/swagger-lume - 2.0,restler/framework - 3.0.0-RC1,restler/framework - 4.0.0,kubotak-is/l5-swagger - v2.0,mreko/l5-swagger - v2.0,cr3a7ure/core - no_fix,sjje/swaggervel - dev-master,darkaonline/l5-swagger - v2.0,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,keeko/developer-app - v0.2,restler/framework - 5.07,mahmoodbabaei/etribes-code-challenge - no_fix,swagger-ui - 2.2.3,jessekoska/swagger-lume - v2.0.24,servicestack.api.swagger - 4.5.12,juzaweb/l5-swagger - 5.0,dennis1804/iq-swagger - no_fix,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,digitalunited/wp-elastic-api - v0.1.2,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,dhawton/l5-swagger-redoc - 3.0.1,damian-nz/l5-swagger - 3.2,dreamfactory/df-swagger-ui - v2.2.3,dhawton/l5-swagger-redoc - 4.0.1,dreamfactory/app-admin - no_fix,dandisy/adminlte-templates - 1.2.2,alexmaramaldo/swaggervel-2 - no_fix,hadeswang/jlapp-swaggervel - 1.0.x-dev,nservicekit.api.swagger - no_fix,dandisy/laravel-generator - 1.0.0,damian-nz/l5-swagger - dev-master,sergeyfast/eazy-jsonrpc - no_fix,servicestack.api.swagger - 4.0.35,pharmit/swaggervel - 1.0.x-dev,imikemiller/l5-swagger-redoc - v2.0,dandisy/laravel-generator - 1.2.7,raftx24/l5-swagger - 3.0.1,imikemiller/l5-swagger-redoc - 3.0.1 |
❌ |
| WS-2019-0171 |
Medium |
4.3 |
swagger-ui-2.1.2.min.js |
Direct |
swagger-ui - 3.18.0,swagger-ui - 3.18.0 |
❌ |
| CVE-2018-25031 |
Medium |
4.3 |
swagger-ui-2.1.2.min.js |
Direct |
swagger-ui - 4.1.3;swagger-ui-dist - 4.1.3 |
❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Partial details (13 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
CVE-2019-17495
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
- ❌ swagger-ui-2.1.2.min.js (Vulnerable Library)
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.
Publish Date: 2019-10-10
URL: CVE-2019-17495
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/maven/io.springfox/springfox-swagger-ui/CVE-2019-17495.yml
Release Date: 2019-10-10
Fix Resolution: swagger-ui - 3.23.11, io.springfox:springfox-swagger-ui:2.10.0
WS-2016-0034
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
- ❌ swagger-ui-2.1.2.min.js (Vulnerable Library)
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
Swagger-ui has vulnerability when "Produces" and "consumes" Content-types in schema are not escaped and allow XSS
Publish Date: 2026-05-19
URL: WS-2016-0034
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://www.mend.io/vulnerability-database/WS-2016-0034
Release Date: 2026-05-14
Fix Resolution: zfcampus/zf-apigility-documentation-swagger - 1.3.0,rich2k/l5-swagger - 3.x-dev,digitalunited/wp-elastic-api - v0.1.3,vsmoraes/swagger-ui-bundle - no_fix,servicestack.api.swagger - 4.0.8,steamuloabeaujou/api-platform - v2.0.0-rc.1,pleio/pleio_rest - no_fix,keeko/developer-app - v0.2,mahmoodbabaei/etribes-code-challenge - no_fix,kizi/easyminer-easyminercenter - v2.0,helingfeng/l5-swagger - 3.x-dev,luracast/restler - 4.0.0,sjje/swaggervel - dev-master,firdaushatta/l5-swagger - 3.2,luracast/restler - 5.0.6,hadeswang/jlapp-swaggervel - 1.0.x-dev,zfcampus/zf-apigility-documentation-swagger - dev-master,imjarek/laravel-swagger - 3.x-dev,juzaweb/l5-swagger - 3.x-dev,pharmit/swaggervel - 1.0.x-dev,rich2k/l5-swagger - 3.2,libgraviton/swagger-ui - v1.0,dreamfactory/app-admin - no_fix,swagger-ui - 2.1.5,digitalunited/wp-elastic-api - v0.1.2,hasangilak/l5-swagger - 3.x-dev,mymdz/l5-swagger - 3.x-dev,swagger-ui - 2.1.5,davigs/swagger-lume - 2.0,dandisy/webcore-base - no_fix,dolibarr/dolibarr - 9.0.0,activelamp/swagger-ui-bundle - dev-nelmio_integration,swagger-ui - 2.0.3,digitalunited/wp-elastic-api - v0.1.4,cr3a7ure/core - 2.1.x-dev,servicestack.api.swagger.signed - 4.0.35,bluzphp/skeleton - 2.0.2,servicestack.api.swagger - 4.0.35,hos/hos-framework - no_fix,damian-nz/l5-swagger - dev-master,restler/framework - 3.0.0-RC1,dandisy/adminlte-templates - 1.2.2,visiosoft/l5-swagger - 3.x-dev,odn.swagger.net - no_fix,vjeantet/silex-simple-rest-swagger - no_fix,smskin/l5-swagger - 3.2,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,dandisy/webcore - 1.0.6,restler/framework - 5.0.6,hasangilak/l5-swagger - 3.2,api-platform/core - v2.0.0-rc.1,pmvc-app/swagger_ui - no_fix,jessekoska/swagger-lume - v2.0.24,iwanli/laravel5-swagger - no_fix,dreamfactory/app-admin - 1.0.4,firdaushatta/l5-swagger - 3.x-dev,fxmonster/l5-swagger - 3.x-dev,dennis1804/iq-swagger - no_fix,restler/framework - 4.0.0,yaangvu/swagger-lume - 2.0,folksyfolks/l5-swagger - 3.1.4,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,dandisy/laravel-generator - 1.0.0,dandisy/webcore-base - 1.0.0,alexmaramaldo/swaggervel-2 - no_fix,ernestoponce/slimproject - no_fix,luracast/restler - 2.2.0,sergeyfast/eazy-jsonrpc - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,imjarek/laravel-swagger - 3.2,jinsoft/laravel-swagger - no_fix,kbrabrand/silex-swagger-ui - no_fix,sergeyfast/eazy-jsonrpc - v1.0,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,swagger-ui - 2.0.3,helingfeng/l5-swagger - 3.2,jjdoor/swagger-lume - 2.0,jlapp/swaggervel - 1.0.x-dev,nservicekit.api.swagger - no_fix,jym.identityserver.swagger - no_fix,smskin/l5-swagger - 3.x-dev,fxmonster/l5-swagger - 3.2,rodchyn/api-platform-core - v2.0.0-rc.1,restler/framework - 5.07,openrastaswagger - 1.0.3.21,fmarmo/swagger-lume - 2.0,v2.1.5,ci-blox/ignition-go - 1.0.0-beta.1,luracast/restler - 1.0.20,digitalunited/wp-elastic-api - v0.1,juzaweb/l5-swagger - 3.2,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,riverslei/laravel-swagger - no_fix,dandisy/laravel-generator - 1.2.7,damian-nz/l5-swagger - 3.2,damian-nz/l5-swagger - 2.0.x-dev,mymdz/l5-swagger - 3.2,luracast/restler - 5.07
CVE-2016-1000226
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
- ❌ swagger-ui-2.1.2.min.js (Vulnerable Library)
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
Affected versions of "swagger-ui" are vulnerable to cross-site scripting in both the "consumes" and "produces" parameters of the swagger JSON document for a given API. Additionally, "swagger-ui" allows users to load arbitrary swagger JSON documents via the query string parameter "url", allowing an attacker to exploit this attack against any user that the attacker can convince to visit a crafted link. Proof of Concept http://<USER_HOSTNAME>/swagger-ui/index.html?url=http://<MALICIOUS_HOSTNAME>/malicious-swagger-file.json Recommendation Update to version 2.2.1 or later.
Publish Date: 2026-05-14
URL: CVE-2016-1000226
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-7f59-x49p-v8mq
Release Date: 2026-05-14
Fix Resolution: swagger-ui - 2.2.1
WS-2019-0172
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
- ❌ swagger-ui-2.1.2.min.js (Vulnerable Library)
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui before 3.20.9 fails to sanitize URLs used in the OAuth auth flow, which may allow attackers to execute arbitrary JavaScript. that leads to Cross-Site Scripting
Publish Date: 2026-05-27
URL: WS-2019-0172
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://www.mend.io/vulnerability-database/WS-2019-0172
Release Date: 2026-05-14
Fix Resolution: swagger-ui - 3.20.9,swagger-api/swagger-ui - v/3.18.0,swagger-ui - 3.20.9,kevupton/auto-swagger-ui - v0.0.1,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/dompurify-3.0.8,zhaojunlike/think-swagger - 1.0.0,esandri/swagger-ui-big - v2.0.0,swagger-api/swagger-ui - dev-fix/xml-oneOf,swagger-api/swagger-ui - dev-issue-5148,dreamfactory/df-swagger-ui - 3.3.1,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/babel/runtime-corejs3-7.22.3,westhack/think-swagger - no_fix,3.20.9,swagger-api/swagger-ui - 3.3.1,swagger-api/swagger-ui - dev-fix-null-value-parsing,dreamfactory/df-swagger-ui - 0.2.0,dreamfactory/df-swagger-ui - v1.0,swagger-api/swagger-ui - dev-facelift,esandri/swagger-ui-big - v3.0.0,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/mocha-9.0.2,swagger-api/swagger-ui - v3.20.9,esandri/swagger-ui-big - no_fix,westhack/think-swagger - 1.0.0,kevupton/auto-swagger-ui - no_fix
CVE-2016-1000233
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
- ❌ swagger-ui-2.1.2.min.js (Vulnerable Library)
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
Affected versions of "swagger-ui" are vulnerable to cross-site scripting. This vulnerability exists because "swagger-ui" automatically executes external Javascript that is loaded in via the "url" query string parameter when a "Content-Type: application/javascript" header is included. An attacker can create a server that replies with a malicious script and the proper content-type, and then craft a "swagger-ui" URL that includes the location to their server/script in the "url" query string parameter. When viewed, such a link would execute the attacker's malicious script. Recommendation Update to 2.2.1 or later.
Publish Date: 2026-05-19
URL: CVE-2016-1000233
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082
Release Date: 2024-11-03
Fix Resolution: 2.2.1
WS-2019-0236
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
- ❌ swagger-ui-2.1.2.min.js (Vulnerable Library)
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui versions before 3.0.13 are vulnerable to XSS when it fails to sanitize YAML files imported from URLs or copied-pasted. This may allow attackers to execute arbitrary JavaScript.
Publish Date: 2026-05-14
URL: WS-2019-0236
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://www.mend.io/vulnerability-database/WS-2019-0236
Release Date: 2026-05-14
Fix Resolution: swagger-ui - 3.0.13,swagger-ui - 3.0.13
WS-2019-0235
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
- ❌ swagger-ui-2.1.2.min.js (Vulnerable Library)
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui versions before 2.2.1 are vulnerable to XSS when it fails to encode output in GET requests. The request is meant to respond with Content-Type application/json which does not trigger the vulnerability but if the web server changes the header to text/html it may allow attackers to execute arbitrary JavaScript.
Publish Date: 2026-05-14
URL: WS-2019-0235
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://www.mend.io/vulnerability-database/WS-2019-0235
Release Date: 2026-05-14
Fix Resolution: swagger-ui - 2.2.0,swagger-ui - 2.2.0
WS-2019-0234
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
- ❌ swagger-ui-2.1.2.min.js (Vulnerable Library)
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui versions before 2.2.1 are vulnerable to XSS when allowing HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript.
Publish Date: 2026-05-19
URL: WS-2019-0234
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082
Release Date: 2015-01-28
Fix Resolution: 2.2.1,rich2k/l5-swagger - 5.0,raftx24/l5-swagger - 4.0.1,swagger-ui - 2.2.2,mreko/l5-swagger - v2.0,pleio/pleio_rest - no_fix,restler/framework - 3.0.0-RC1,folksyfolks/l5-swagger - 2.1,servicestack.api.swagger - 4.0.8,imikemiller/l5-swagger-redoc - 3.0.1,kbrabrand/silex-swagger-ui - no_fix,dandisy/laravel-generator - 1.0.0,hos/hos-framework - no_fix,fxmonster/l5-swagger - 5.0,vswashbuckle.core - 1.0.1,servicestack.api.swagger - 4.0.35,folksyfolks/l5-swagger - 3.1.4,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,odn.swagger.net - no_fix,sergeyfast/eazy-jsonrpc - no_fix,pharmit/swaggervel - 1.0.x-dev,digitalunited/wp-elastic-api - v0.1,damian-nz/l5-swagger - dev-master,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,flask-apispec - 0.7.0,cromwell - 0.30,digitalunited/wp-elastic-api - v0.1.3,jjdoor/swagger-lume - 2.0,luracast/restler - 4.0.0,dhawton/l5-swagger-redoc - 3.0.1,ernestoponce/slimproject - no_fix,luracast/restler - 5.07,cr3a7ure/core - no_fix,dhawton/l5-swagger-redoc - 4.0.1,dreamfactory/app-admin - no_fix,nservicekit.api.swagger - no_fix,flask-apispec - 0.4.0,keeko/developer-app - v0.2,juzaweb/l5-swagger - 5.0,fmarmo/swagger-lume - 2.0,alexmaramaldo/swaggervel-2 - no_fix,openrastaswagger - 1.0.3.21,dennis1804/iq-swagger - no_fix,zfcampus/zf-apigility-documentation-swagger - 1.3.0,dandisy/webcore-base - no_fix,digitalunited/wp-elastic-api - v0.1.2,sergeyfast/eazy-jsonrpc - v1.0,firdaushatta/l5-swagger - 5.0,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,raftx24/l5-swagger - 3.0.1,vjeantet/silex-simple-rest-swagger - no_fix,luracast/restler - 1.0.20,hasangilak/l5-swagger - 5.0,davigs/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.5.12,iwanli/laravel5-swagger - no_fix,dandisy/laravel-generator - 1.2.7,jlapp/swaggervel - 1.0.x-dev,jym.identityserver.swagger - no_fix,pmvc-app/swagger_ui - no_fix,kizi/easyminer-easyminercenter - v2.0,mreko/l5-swagger - 3.0.1,raftx24/l5-swagger - v2.0,dandisy/webcore - 1.0.6,dandisy/adminlte-templates - 1.2.2,steamuloabeaujou/api-platform - v2.0.0-rc.1,dreamfactory/app-admin - 1.0.4,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,flask-apispec - 0.4.0,hadeswang/jlapp-swaggervel - 1.0.x-dev,luracast/restler - 2.2.0,smskin/l5-swagger - 5.0,luracast/restler - 5.0.6,gajendrajain20/laravel-pioneer-cms - no_fix,digitalunited/wp-elastic-api - v0.1.4,darkaonline/l5-swagger - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,open-resource-manager/core - no_fix,servicestack.api.swagger - 4.5.12,libgraviton/swagger-ui - v1.0,helingfeng/l5-swagger - 5.0,cr3a7ure/core - dev-docminor,restler/framework - 5.0.6,darkaonline/l5-swagger - 3.0.1,rodchyn/api-platform-core - v2.0.0-rc.1,kubotak-is/l5-swagger - 4.0.1,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,latrell/swagger - 1.0.2,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,imjarek/laravel-swagger - 5.0,servicestack.api.swagger.signed - 4.0.35,mreko/l5-swagger - 4.0.1,dolibarr/dolibarr - 9.0.0,mahmoodbabaei/etribes-code-challenge - no_fix,mymdz/l5-swagger - 5.0,bluzphp/skeleton - 2.0.2,kubotak-is/l5-swagger - v2.0,visiosoft/l5-swagger - 3.x-dev,yaangvu/swagger-lume - 2.0,damian-nz/l5-swagger - 3.2,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,restler/framework - 4.0.0,jessekoska/swagger-lume - v2.0.24,zfcampus/zf-apigility-documentation-swagger - dev-master,flask-apispec - 0.7.0,api-platform/core - v2.0.0-rc.1,vsmoraes/swagger-ui-bundle - no_fix,activelamp/swagger-ui-bundle - dev-nelmio_integration,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,swagger-ui - 2.2.2,imikemiller/l5-swagger-redoc - v2.0,dhawton/l5-swagger-redoc - v2.0,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,sjje/swaggervel - dev-master,ci-blox/ignition-go - 1.0.0-beta.1,kubotak-is/l5-swagger - 3.0.1,riverslei/laravel-swagger - no_fix,dandisy/webcore-base - 1.0.0,jinsoft/laravel-swagger - no_fix,restler/framework - 5.07
CVE-2016-5682
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
- ❌ swagger-ui-2.1.2.min.js (Vulnerable Library)
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
Publish Date: 2017-04-10
URL: CVE-2016-5682
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-p239-93f7-h6xf
Release Date: 2017-04-10
Fix Resolution: swagger-ui - 2.2.1
CVE-2016-1000239
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
- ❌ swagger-ui-2.1.2.min.js (Vulnerable Library)
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui versions before 2.2.1 vulnerable to cross-site scripting via the url query string parameter.
Publish Date: 2026-05-19
URL: CVE-2016-1000239
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/137
Release Date: 2019-07-11
Fix Resolution: 2.2.1,gajendrajain20/laravel-pioneer-cms - no_fix,pharmit/swaggervel - 1.0.x-dev,dreamfactory/df-api-docs-ui - 1.1.0,swagger-ui - 2.2.2,dhawton/l5-swagger-redoc - v2.0,kizi/easyminer-easyminercenter - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,hos/hos-framework - no_fix,ernestoponce/slimproject - no_fix,api-platform/core - v2.0.0-rc.1,sjje/swaggervel - dev-master,dhawton/l5-swagger-redoc - 3.0.1,dreamfactory/app-admin - 1.0.4,swagger-ui - 2.2.2,folksyfolks/l5-swagger - 2.1,dreamfactory/app-admin - no_fix,yaangvu/swagger-lume - 2.0,dennis1804/iq-swagger - no_fix,open-resource-manager/core - no_fix,latrell/swagger - 1.0.2,smskin/l5-swagger - 5.0,damian-nz/l5-swagger - dev-master,digitalunited/wp-elastic-api - v0.1.2,raftx24/l5-swagger - 3.0.1,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,dandisy/laravel-generator - 1.0.0,firdaushatta/l5-swagger - 5.0,mymdz/l5-swagger - 5.0,jym.identityserver.swagger - no_fix,darkaonline/l5-swagger - 3.0.1,digitalunited/wp-elastic-api - v0.1.4,vjeantet/silex-simple-rest-swagger - no_fix,rich2k/l5-swagger - 5.0,servicestack.api.swagger - 4.5.12,digitalunited/wp-elastic-api - v0.1,jjdoor/swagger-lume - 2.0,servicestack.api.swagger - 4.0.8,ci-blox/ignition-go - 1.0.0-beta.1,dandisy/webcore - 1.0.6,kbrabrand/silex-swagger-ui - no_fix,damian-nz/l5-swagger - 3.2,hadeswang/jlapp-swaggervel - 1.0.x-dev,keeko/developer-app - v0.2,dreamfactory/df-swagger-ui - 0.4.0,pmvc-app/swagger_ui - no_fix,hasangilak/l5-swagger - 5.0,servicestack.api.swagger - 4.0.35,darkaonline/l5-swagger - v2.0,alexmaramaldo/swaggervel-2 - no_fix,raftx24/l5-swagger - v2.0,sergeyfast/eazy-jsonrpc - no_fix,dhawton/l5-swagger-redoc - 4.0.1,imikemiller/l5-swagger-redoc - 3.0.1,zfcampus/zf-apigility-documentation-swagger - 1.3.0,zfcampus/zf-apigility-documentation-swagger - dev-master,dandisy/webcore-base - 1.0.0,helingfeng/l5-swagger - 5.0,kubotak-is/l5-swagger - v2.0,fxmonster/l5-swagger - 5.0,kubotak-is/l5-swagger - 3.0.1,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,odn.swagger.net - no_fix,nservicekit.api.swagger - no_fix,jinsoft/laravel-swagger - no_fix,dreamfactory/df-swagger-ui - no_fix,libgraviton/swagger-ui - v1.0,flask-apispec - 0.7.0,flask-apispec - 0.7.0,juzaweb/l5-swagger - 5.0,dandisy/adminlte-templates - 1.2.2,cr3a7ure/core - no_fix,dandisy/laravel-generator - 1.2.7,fmarmo/swagger-lume - 2.0,sergeyfast/eazy-jsonrpc - v1.0,raftx24/l5-swagger - 4.0.1,flask-apispec - 0.4.0,folksyfolks/l5-swagger - 3.1.4,jlapp/swaggervel - 1.0.x-dev,cromwell - 0.30,iwanli/laravel5-swagger - no_fix,davigs/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.0.35,imjarek/laravel-swagger - 5.0,activelamp/swagger-ui-bundle - dev-nelmio_integration,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,pleio/pleio_rest - no_fix,dandisy/webcore-base - no_fix,cr3a7ure/core - dev-docminor,openrastaswagger - 1.0.3.21,rodchyn/api-platform-core - v2.0.0-rc.1,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,mahmoodbabaei/etribes-code-challenge - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,govtnz/swagger-ui - v1.0,mreko/l5-swagger - 3.0.1,bluzphp/skeleton - 2.0.2,jessekoska/swagger-lume - v2.0.24,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,riverslei/laravel-swagger - no_fix,kubotak-is/l5-swagger - 4.0.1,digitalunited/wp-elastic-api - v0.1.3,mreko/l5-swagger - 4.0.1,steamuloabeaujou/api-platform - v2.0.0-rc.1,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,imikemiller/l5-swagger-redoc - v2.0,flask-apispec - 0.4.0,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,visiosoft/l5-swagger - 3.x-dev,mreko/l5-swagger - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,servicestack.api.swagger.signed - 4.5.12,vsmoraes/swagger-ui-bundle - no_fix
CVE-2016-1000229
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
- ❌ swagger-ui-2.1.2.min.js (Vulnerable Library)
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui has XSS in key names
Publish Date: 2019-12-20
URL: CVE-2016-1000229
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/126
Release Date: 2019-12-20
Fix Resolution: 2.2.1
WS-2017-0143
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
- ❌ swagger-ui-2.1.2.min.js (Vulnerable Library)
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
Affected versions of the package are vulnerable to Cross-site Scripting (XSS) due to not escaping html script tags.
Publish Date: 2026-05-19
URL: WS-2017-0143
CVSS 3 Score Details (5.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2016-09-01
Fix Resolution: 2.2.3,digitalunited/wp-elastic-api - v0.1,rich2k/l5-swagger - 5.0,open-resource-manager/core - no_fix,dolibarr/dolibarr - 9.0.0,fxmonster/l5-swagger - 5.0,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,openrastaswagger - 1.0.3.21,dreamfactory/df-swagger-ui - 0.4.0,digitalunited/wp-elastic-api - v0.1.3,dandisy/webcore-base - 1.0.0,yaangvu/swagger-lume - 2.0,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,smskin/l5-swagger - 5.0,luracast/restler - 2.2.0,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,restler/framework - 5.0.6,swagger-ui - 2.0.3,darkaonline/l5-swagger - 3.0.1,firdaushatta/l5-swagger - 5.0,raftx24/l5-swagger - 4.0.1,riverslei/laravel-swagger - no_fix,dandisy/webcore-base - no_fix,activelamp/swagger-ui-bundle - dev-nelmio_integration,dhawton/l5-swagger-redoc - v2.0,folksyfolks/l5-swagger - 3.1.4,pleio/pleio_rest - no_fix,odn.swagger.net - no_fix,digitalunited/wp-elastic-api - v0.1.4,servicestack.api.swagger - 4.0.8,visiosoft/l5-swagger - 3.x-dev,rodchyn/api-platform-core - v2.0.0-rc.1,vswashbuckle.core - 1.0.1,imjarek/laravel-swagger - 5.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,libgraviton/swagger-ui - v1.0,jlapp/swaggervel - 1.0.x-dev,luracast/restler - 5.07,swagger-ui - 2.0.3,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,zfcampus/zf-apigility-documentation-swagger - dev-master,latrell/swagger - 1.0.2,servicestack.api.swagger.signed - 4.5.12,swagger-ui - 2.2.3,hasangilak/l5-swagger - 5.0,helingfeng/l5-swagger - 5.0,zfcampus/zf-apigility-documentation-swagger - 1.3.0,bluzphp/skeleton - 2.0.2,jjdoor/swagger-lume - 2.0,luracast/restler - 4.0.0,luracast/restler - 5.0.6,kbrabrand/silex-swagger-ui - no_fix,api-platform/core - v2.0.0-rc.1,fmarmo/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.0.35,dreamfactory/df-api-docs-ui - 1.1.0,kizi/easyminer-easyminercenter - v2.0,vsmoraes/swagger-ui-bundle - no_fix,dreamfactory/app-admin - 1.0.4,gajendrajain20/laravel-pioneer-cms - no_fix,swagger-api/swagger-ui - v2.2.3,dandisy/webcore - 1.0.6,sergeyfast/eazy-jsonrpc - v1.0,cr3a7ure/core - dev-docminor,kubotak-is/l5-swagger - 4.0.1,luracast/restler - 1.0.20,folksyfolks/l5-swagger - 2.1,raftx24/l5-swagger - v2.0,kubotak-is/l5-swagger - 3.0.1,mreko/l5-swagger - 4.0.1,mymdz/l5-swagger - 5.0,vjeantet/silex-simple-rest-swagger - no_fix,mreko/l5-swagger - 3.0.1,dreamfactory/df-swagger-ui - no_fix,govtnz/swagger-ui - v1.0,ci-blox/ignition-go - 1.0.0-beta.1,hos/hos-framework - no_fix,pmvc-app/swagger_ui - no_fix,ernestoponce/slimproject - no_fix,jinsoft/laravel-swagger - no_fix,jym.identityserver.swagger - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,steamuloabeaujou/api-platform - v2.0.0-rc.1,iwanli/laravel5-swagger - no_fix,davigs/swagger-lume - 2.0,restler/framework - 3.0.0-RC1,restler/framework - 4.0.0,kubotak-is/l5-swagger - v2.0,mreko/l5-swagger - v2.0,cr3a7ure/core - no_fix,sjje/swaggervel - dev-master,darkaonline/l5-swagger - v2.0,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,keeko/developer-app - v0.2,restler/framework - 5.07,mahmoodbabaei/etribes-code-challenge - no_fix,swagger-ui - 2.2.3,jessekoska/swagger-lume - v2.0.24,servicestack.api.swagger - 4.5.12,juzaweb/l5-swagger - 5.0,dennis1804/iq-swagger - no_fix,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,digitalunited/wp-elastic-api - v0.1.2,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,dhawton/l5-swagger-redoc - 3.0.1,damian-nz/l5-swagger - 3.2,dreamfactory/df-swagger-ui - v2.2.3,dhawton/l5-swagger-redoc - 4.0.1,dreamfactory/app-admin - no_fix,dandisy/adminlte-templates - 1.2.2,alexmaramaldo/swaggervel-2 - no_fix,hadeswang/jlapp-swaggervel - 1.0.x-dev,nservicekit.api.swagger - no_fix,dandisy/laravel-generator - 1.0.0,damian-nz/l5-swagger - dev-master,sergeyfast/eazy-jsonrpc - no_fix,servicestack.api.swagger - 4.0.35,pharmit/swaggervel - 1.0.x-dev,imikemiller/l5-swagger-redoc - v2.0,dandisy/laravel-generator - 1.2.7,raftx24/l5-swagger - 3.0.1,imikemiller/l5-swagger-redoc - 3.0.1
WS-2019-0171
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
- ❌ swagger-ui-2.1.2.min.js (Vulnerable Library)
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui before 3.18.0 has Reverse Tabnapping vulnerability. using target='_blank' in anchor tags, allowing attackers to access window.opener for the original page.
Publish Date: 2026-05-14
URL: WS-2019-0171
CVSS 3 Score Details (4.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://www.mend.io/vulnerability-database/WS-2019-0171
Release Date: 2026-05-14
Fix Resolution: swagger-ui - 3.18.0,swagger-ui - 3.18.0
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.
Publish Date: 2019-10-10
URL: CVE-2019-17495
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/maven/io.springfox/springfox-swagger-ui/CVE-2019-17495.yml
Release Date: 2019-10-10
Fix Resolution: swagger-ui - 3.23.11, io.springfox:springfox-swagger-ui:2.10.0
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
Swagger-ui has vulnerability when "Produces" and "consumes" Content-types in schema are not escaped and allow XSS
Publish Date: 2026-05-19
URL: WS-2016-0034
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.mend.io/vulnerability-database/WS-2016-0034
Release Date: 2026-05-14
Fix Resolution: zfcampus/zf-apigility-documentation-swagger - 1.3.0,rich2k/l5-swagger - 3.x-dev,digitalunited/wp-elastic-api - v0.1.3,vsmoraes/swagger-ui-bundle - no_fix,servicestack.api.swagger - 4.0.8,steamuloabeaujou/api-platform - v2.0.0-rc.1,pleio/pleio_rest - no_fix,keeko/developer-app - v0.2,mahmoodbabaei/etribes-code-challenge - no_fix,kizi/easyminer-easyminercenter - v2.0,helingfeng/l5-swagger - 3.x-dev,luracast/restler - 4.0.0,sjje/swaggervel - dev-master,firdaushatta/l5-swagger - 3.2,luracast/restler - 5.0.6,hadeswang/jlapp-swaggervel - 1.0.x-dev,zfcampus/zf-apigility-documentation-swagger - dev-master,imjarek/laravel-swagger - 3.x-dev,juzaweb/l5-swagger - 3.x-dev,pharmit/swaggervel - 1.0.x-dev,rich2k/l5-swagger - 3.2,libgraviton/swagger-ui - v1.0,dreamfactory/app-admin - no_fix,swagger-ui - 2.1.5,digitalunited/wp-elastic-api - v0.1.2,hasangilak/l5-swagger - 3.x-dev,mymdz/l5-swagger - 3.x-dev,swagger-ui - 2.1.5,davigs/swagger-lume - 2.0,dandisy/webcore-base - no_fix,dolibarr/dolibarr - 9.0.0,activelamp/swagger-ui-bundle - dev-nelmio_integration,swagger-ui - 2.0.3,digitalunited/wp-elastic-api - v0.1.4,cr3a7ure/core - 2.1.x-dev,servicestack.api.swagger.signed - 4.0.35,bluzphp/skeleton - 2.0.2,servicestack.api.swagger - 4.0.35,hos/hos-framework - no_fix,damian-nz/l5-swagger - dev-master,restler/framework - 3.0.0-RC1,dandisy/adminlte-templates - 1.2.2,visiosoft/l5-swagger - 3.x-dev,odn.swagger.net - no_fix,vjeantet/silex-simple-rest-swagger - no_fix,smskin/l5-swagger - 3.2,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,dandisy/webcore - 1.0.6,restler/framework - 5.0.6,hasangilak/l5-swagger - 3.2,api-platform/core - v2.0.0-rc.1,pmvc-app/swagger_ui - no_fix,jessekoska/swagger-lume - v2.0.24,iwanli/laravel5-swagger - no_fix,dreamfactory/app-admin - 1.0.4,firdaushatta/l5-swagger - 3.x-dev,fxmonster/l5-swagger - 3.x-dev,dennis1804/iq-swagger - no_fix,restler/framework - 4.0.0,yaangvu/swagger-lume - 2.0,folksyfolks/l5-swagger - 3.1.4,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,dandisy/laravel-generator - 1.0.0,dandisy/webcore-base - 1.0.0,alexmaramaldo/swaggervel-2 - no_fix,ernestoponce/slimproject - no_fix,luracast/restler - 2.2.0,sergeyfast/eazy-jsonrpc - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,imjarek/laravel-swagger - 3.2,jinsoft/laravel-swagger - no_fix,kbrabrand/silex-swagger-ui - no_fix,sergeyfast/eazy-jsonrpc - v1.0,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,swagger-ui - 2.0.3,helingfeng/l5-swagger - 3.2,jjdoor/swagger-lume - 2.0,jlapp/swaggervel - 1.0.x-dev,nservicekit.api.swagger - no_fix,jym.identityserver.swagger - no_fix,smskin/l5-swagger - 3.x-dev,fxmonster/l5-swagger - 3.2,rodchyn/api-platform-core - v2.0.0-rc.1,restler/framework - 5.07,openrastaswagger - 1.0.3.21,fmarmo/swagger-lume - 2.0,v2.1.5,ci-blox/ignition-go - 1.0.0-beta.1,luracast/restler - 1.0.20,digitalunited/wp-elastic-api - v0.1,juzaweb/l5-swagger - 3.2,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,riverslei/laravel-swagger - no_fix,dandisy/laravel-generator - 1.2.7,damian-nz/l5-swagger - 3.2,damian-nz/l5-swagger - 2.0.x-dev,mymdz/l5-swagger - 3.2,luracast/restler - 5.07
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
Affected versions of "swagger-ui" are vulnerable to cross-site scripting in both the "consumes" and "produces" parameters of the swagger JSON document for a given API. Additionally, "swagger-ui" allows users to load arbitrary swagger JSON documents via the query string parameter "url", allowing an attacker to exploit this attack against any user that the attacker can convince to visit a crafted link. Proof of Concept http://<USER_HOSTNAME>/swagger-ui/index.html?url=http://<MALICIOUS_HOSTNAME>/malicious-swagger-file.json Recommendation Update to version 2.2.1 or later.
Publish Date: 2026-05-14
URL: CVE-2016-1000226
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-7f59-x49p-v8mq
Release Date: 2026-05-14
Fix Resolution: swagger-ui - 2.2.1
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui before 3.20.9 fails to sanitize URLs used in the OAuth auth flow, which may allow attackers to execute arbitrary JavaScript. that leads to Cross-Site Scripting
Publish Date: 2026-05-27
URL: WS-2019-0172
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.mend.io/vulnerability-database/WS-2019-0172
Release Date: 2026-05-14
Fix Resolution: swagger-ui - 3.20.9,swagger-api/swagger-ui - v/3.18.0,swagger-ui - 3.20.9,kevupton/auto-swagger-ui - v0.0.1,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/dompurify-3.0.8,zhaojunlike/think-swagger - 1.0.0,esandri/swagger-ui-big - v2.0.0,swagger-api/swagger-ui - dev-fix/xml-oneOf,swagger-api/swagger-ui - dev-issue-5148,dreamfactory/df-swagger-ui - 3.3.1,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/babel/runtime-corejs3-7.22.3,westhack/think-swagger - no_fix,3.20.9,swagger-api/swagger-ui - 3.3.1,swagger-api/swagger-ui - dev-fix-null-value-parsing,dreamfactory/df-swagger-ui - 0.2.0,dreamfactory/df-swagger-ui - v1.0,swagger-api/swagger-ui - dev-facelift,esandri/swagger-ui-big - v3.0.0,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/mocha-9.0.2,swagger-api/swagger-ui - v3.20.9,esandri/swagger-ui-big - no_fix,westhack/think-swagger - 1.0.0,kevupton/auto-swagger-ui - no_fix
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
Affected versions of "swagger-ui" are vulnerable to cross-site scripting. This vulnerability exists because "swagger-ui" automatically executes external Javascript that is loaded in via the "url" query string parameter when a "Content-Type: application/javascript" header is included. An attacker can create a server that replies with a malicious script and the proper content-type, and then craft a "swagger-ui" URL that includes the location to their server/script in the "url" query string parameter. When viewed, such a link would execute the attacker's malicious script. Recommendation Update to 2.2.1 or later.
Publish Date: 2026-05-19
URL: CVE-2016-1000233
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082
Release Date: 2024-11-03
Fix Resolution: 2.2.1
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui versions before 3.0.13 are vulnerable to XSS when it fails to sanitize YAML files imported from URLs or copied-pasted. This may allow attackers to execute arbitrary JavaScript.
Publish Date: 2026-05-14
URL: WS-2019-0236
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.mend.io/vulnerability-database/WS-2019-0236
Release Date: 2026-05-14
Fix Resolution: swagger-ui - 3.0.13,swagger-ui - 3.0.13
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui versions before 2.2.1 are vulnerable to XSS when it fails to encode output in GET requests. The request is meant to respond with Content-Type application/json which does not trigger the vulnerability but if the web server changes the header to text/html it may allow attackers to execute arbitrary JavaScript.
Publish Date: 2026-05-14
URL: WS-2019-0235
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.mend.io/vulnerability-database/WS-2019-0235
Release Date: 2026-05-14
Fix Resolution: swagger-ui - 2.2.0,swagger-ui - 2.2.0
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui versions before 2.2.1 are vulnerable to XSS when allowing HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript.
Publish Date: 2026-05-19
URL: WS-2019-0234
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082
Release Date: 2015-01-28
Fix Resolution: 2.2.1,rich2k/l5-swagger - 5.0,raftx24/l5-swagger - 4.0.1,swagger-ui - 2.2.2,mreko/l5-swagger - v2.0,pleio/pleio_rest - no_fix,restler/framework - 3.0.0-RC1,folksyfolks/l5-swagger - 2.1,servicestack.api.swagger - 4.0.8,imikemiller/l5-swagger-redoc - 3.0.1,kbrabrand/silex-swagger-ui - no_fix,dandisy/laravel-generator - 1.0.0,hos/hos-framework - no_fix,fxmonster/l5-swagger - 5.0,vswashbuckle.core - 1.0.1,servicestack.api.swagger - 4.0.35,folksyfolks/l5-swagger - 3.1.4,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,odn.swagger.net - no_fix,sergeyfast/eazy-jsonrpc - no_fix,pharmit/swaggervel - 1.0.x-dev,digitalunited/wp-elastic-api - v0.1,damian-nz/l5-swagger - dev-master,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,flask-apispec - 0.7.0,cromwell - 0.30,digitalunited/wp-elastic-api - v0.1.3,jjdoor/swagger-lume - 2.0,luracast/restler - 4.0.0,dhawton/l5-swagger-redoc - 3.0.1,ernestoponce/slimproject - no_fix,luracast/restler - 5.07,cr3a7ure/core - no_fix,dhawton/l5-swagger-redoc - 4.0.1,dreamfactory/app-admin - no_fix,nservicekit.api.swagger - no_fix,flask-apispec - 0.4.0,keeko/developer-app - v0.2,juzaweb/l5-swagger - 5.0,fmarmo/swagger-lume - 2.0,alexmaramaldo/swaggervel-2 - no_fix,openrastaswagger - 1.0.3.21,dennis1804/iq-swagger - no_fix,zfcampus/zf-apigility-documentation-swagger - 1.3.0,dandisy/webcore-base - no_fix,digitalunited/wp-elastic-api - v0.1.2,sergeyfast/eazy-jsonrpc - v1.0,firdaushatta/l5-swagger - 5.0,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,raftx24/l5-swagger - 3.0.1,vjeantet/silex-simple-rest-swagger - no_fix,luracast/restler - 1.0.20,hasangilak/l5-swagger - 5.0,davigs/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.5.12,iwanli/laravel5-swagger - no_fix,dandisy/laravel-generator - 1.2.7,jlapp/swaggervel - 1.0.x-dev,jym.identityserver.swagger - no_fix,pmvc-app/swagger_ui - no_fix,kizi/easyminer-easyminercenter - v2.0,mreko/l5-swagger - 3.0.1,raftx24/l5-swagger - v2.0,dandisy/webcore - 1.0.6,dandisy/adminlte-templates - 1.2.2,steamuloabeaujou/api-platform - v2.0.0-rc.1,dreamfactory/app-admin - 1.0.4,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,flask-apispec - 0.4.0,hadeswang/jlapp-swaggervel - 1.0.x-dev,luracast/restler - 2.2.0,smskin/l5-swagger - 5.0,luracast/restler - 5.0.6,gajendrajain20/laravel-pioneer-cms - no_fix,digitalunited/wp-elastic-api - v0.1.4,darkaonline/l5-swagger - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,open-resource-manager/core - no_fix,servicestack.api.swagger - 4.5.12,libgraviton/swagger-ui - v1.0,helingfeng/l5-swagger - 5.0,cr3a7ure/core - dev-docminor,restler/framework - 5.0.6,darkaonline/l5-swagger - 3.0.1,rodchyn/api-platform-core - v2.0.0-rc.1,kubotak-is/l5-swagger - 4.0.1,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,latrell/swagger - 1.0.2,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,imjarek/laravel-swagger - 5.0,servicestack.api.swagger.signed - 4.0.35,mreko/l5-swagger - 4.0.1,dolibarr/dolibarr - 9.0.0,mahmoodbabaei/etribes-code-challenge - no_fix,mymdz/l5-swagger - 5.0,bluzphp/skeleton - 2.0.2,kubotak-is/l5-swagger - v2.0,visiosoft/l5-swagger - 3.x-dev,yaangvu/swagger-lume - 2.0,damian-nz/l5-swagger - 3.2,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,restler/framework - 4.0.0,jessekoska/swagger-lume - v2.0.24,zfcampus/zf-apigility-documentation-swagger - dev-master,flask-apispec - 0.7.0,api-platform/core - v2.0.0-rc.1,vsmoraes/swagger-ui-bundle - no_fix,activelamp/swagger-ui-bundle - dev-nelmio_integration,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,swagger-ui - 2.2.2,imikemiller/l5-swagger-redoc - v2.0,dhawton/l5-swagger-redoc - v2.0,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,sjje/swaggervel - dev-master,ci-blox/ignition-go - 1.0.0-beta.1,kubotak-is/l5-swagger - 3.0.1,riverslei/laravel-swagger - no_fix,dandisy/webcore-base - 1.0.0,jinsoft/laravel-swagger - no_fix,restler/framework - 5.07
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
Publish Date: 2017-04-10
URL: CVE-2016-5682
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-p239-93f7-h6xf
Release Date: 2017-04-10
Fix Resolution: swagger-ui - 2.2.1
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui versions before 2.2.1 vulnerable to cross-site scripting via the url query string parameter.
Publish Date: 2026-05-19
URL: CVE-2016-1000239
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/137
Release Date: 2019-07-11
Fix Resolution: 2.2.1,gajendrajain20/laravel-pioneer-cms - no_fix,pharmit/swaggervel - 1.0.x-dev,dreamfactory/df-api-docs-ui - 1.1.0,swagger-ui - 2.2.2,dhawton/l5-swagger-redoc - v2.0,kizi/easyminer-easyminercenter - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,hos/hos-framework - no_fix,ernestoponce/slimproject - no_fix,api-platform/core - v2.0.0-rc.1,sjje/swaggervel - dev-master,dhawton/l5-swagger-redoc - 3.0.1,dreamfactory/app-admin - 1.0.4,swagger-ui - 2.2.2,folksyfolks/l5-swagger - 2.1,dreamfactory/app-admin - no_fix,yaangvu/swagger-lume - 2.0,dennis1804/iq-swagger - no_fix,open-resource-manager/core - no_fix,latrell/swagger - 1.0.2,smskin/l5-swagger - 5.0,damian-nz/l5-swagger - dev-master,digitalunited/wp-elastic-api - v0.1.2,raftx24/l5-swagger - 3.0.1,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,dandisy/laravel-generator - 1.0.0,firdaushatta/l5-swagger - 5.0,mymdz/l5-swagger - 5.0,jym.identityserver.swagger - no_fix,darkaonline/l5-swagger - 3.0.1,digitalunited/wp-elastic-api - v0.1.4,vjeantet/silex-simple-rest-swagger - no_fix,rich2k/l5-swagger - 5.0,servicestack.api.swagger - 4.5.12,digitalunited/wp-elastic-api - v0.1,jjdoor/swagger-lume - 2.0,servicestack.api.swagger - 4.0.8,ci-blox/ignition-go - 1.0.0-beta.1,dandisy/webcore - 1.0.6,kbrabrand/silex-swagger-ui - no_fix,damian-nz/l5-swagger - 3.2,hadeswang/jlapp-swaggervel - 1.0.x-dev,keeko/developer-app - v0.2,dreamfactory/df-swagger-ui - 0.4.0,pmvc-app/swagger_ui - no_fix,hasangilak/l5-swagger - 5.0,servicestack.api.swagger - 4.0.35,darkaonline/l5-swagger - v2.0,alexmaramaldo/swaggervel-2 - no_fix,raftx24/l5-swagger - v2.0,sergeyfast/eazy-jsonrpc - no_fix,dhawton/l5-swagger-redoc - 4.0.1,imikemiller/l5-swagger-redoc - 3.0.1,zfcampus/zf-apigility-documentation-swagger - 1.3.0,zfcampus/zf-apigility-documentation-swagger - dev-master,dandisy/webcore-base - 1.0.0,helingfeng/l5-swagger - 5.0,kubotak-is/l5-swagger - v2.0,fxmonster/l5-swagger - 5.0,kubotak-is/l5-swagger - 3.0.1,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,odn.swagger.net - no_fix,nservicekit.api.swagger - no_fix,jinsoft/laravel-swagger - no_fix,dreamfactory/df-swagger-ui - no_fix,libgraviton/swagger-ui - v1.0,flask-apispec - 0.7.0,flask-apispec - 0.7.0,juzaweb/l5-swagger - 5.0,dandisy/adminlte-templates - 1.2.2,cr3a7ure/core - no_fix,dandisy/laravel-generator - 1.2.7,fmarmo/swagger-lume - 2.0,sergeyfast/eazy-jsonrpc - v1.0,raftx24/l5-swagger - 4.0.1,flask-apispec - 0.4.0,folksyfolks/l5-swagger - 3.1.4,jlapp/swaggervel - 1.0.x-dev,cromwell - 0.30,iwanli/laravel5-swagger - no_fix,davigs/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.0.35,imjarek/laravel-swagger - 5.0,activelamp/swagger-ui-bundle - dev-nelmio_integration,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,pleio/pleio_rest - no_fix,dandisy/webcore-base - no_fix,cr3a7ure/core - dev-docminor,openrastaswagger - 1.0.3.21,rodchyn/api-platform-core - v2.0.0-rc.1,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,mahmoodbabaei/etribes-code-challenge - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,govtnz/swagger-ui - v1.0,mreko/l5-swagger - 3.0.1,bluzphp/skeleton - 2.0.2,jessekoska/swagger-lume - v2.0.24,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,riverslei/laravel-swagger - no_fix,kubotak-is/l5-swagger - 4.0.1,digitalunited/wp-elastic-api - v0.1.3,mreko/l5-swagger - 4.0.1,steamuloabeaujou/api-platform - v2.0.0-rc.1,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,imikemiller/l5-swagger-redoc - v2.0,flask-apispec - 0.4.0,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,visiosoft/l5-swagger - 3.x-dev,mreko/l5-swagger - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,servicestack.api.swagger.signed - 4.5.12,vsmoraes/swagger-ui-bundle - no_fix
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui has XSS in key names
Publish Date: 2019-12-20
URL: CVE-2016-1000229
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/126
Release Date: 2019-12-20
Fix Resolution: 2.2.1
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
Affected versions of the package are vulnerable to Cross-site Scripting (XSS) due to not escaping html script tags.
Publish Date: 2026-05-19
URL: WS-2017-0143
CVSS 3 Score Details (5.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2016-09-01
Fix Resolution: 2.2.3,digitalunited/wp-elastic-api - v0.1,rich2k/l5-swagger - 5.0,open-resource-manager/core - no_fix,dolibarr/dolibarr - 9.0.0,fxmonster/l5-swagger - 5.0,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,openrastaswagger - 1.0.3.21,dreamfactory/df-swagger-ui - 0.4.0,digitalunited/wp-elastic-api - v0.1.3,dandisy/webcore-base - 1.0.0,yaangvu/swagger-lume - 2.0,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,smskin/l5-swagger - 5.0,luracast/restler - 2.2.0,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,restler/framework - 5.0.6,swagger-ui - 2.0.3,darkaonline/l5-swagger - 3.0.1,firdaushatta/l5-swagger - 5.0,raftx24/l5-swagger - 4.0.1,riverslei/laravel-swagger - no_fix,dandisy/webcore-base - no_fix,activelamp/swagger-ui-bundle - dev-nelmio_integration,dhawton/l5-swagger-redoc - v2.0,folksyfolks/l5-swagger - 3.1.4,pleio/pleio_rest - no_fix,odn.swagger.net - no_fix,digitalunited/wp-elastic-api - v0.1.4,servicestack.api.swagger - 4.0.8,visiosoft/l5-swagger - 3.x-dev,rodchyn/api-platform-core - v2.0.0-rc.1,vswashbuckle.core - 1.0.1,imjarek/laravel-swagger - 5.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,libgraviton/swagger-ui - v1.0,jlapp/swaggervel - 1.0.x-dev,luracast/restler - 5.07,swagger-ui - 2.0.3,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,zfcampus/zf-apigility-documentation-swagger - dev-master,latrell/swagger - 1.0.2,servicestack.api.swagger.signed - 4.5.12,swagger-ui - 2.2.3,hasangilak/l5-swagger - 5.0,helingfeng/l5-swagger - 5.0,zfcampus/zf-apigility-documentation-swagger - 1.3.0,bluzphp/skeleton - 2.0.2,jjdoor/swagger-lume - 2.0,luracast/restler - 4.0.0,luracast/restler - 5.0.6,kbrabrand/silex-swagger-ui - no_fix,api-platform/core - v2.0.0-rc.1,fmarmo/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.0.35,dreamfactory/df-api-docs-ui - 1.1.0,kizi/easyminer-easyminercenter - v2.0,vsmoraes/swagger-ui-bundle - no_fix,dreamfactory/app-admin - 1.0.4,gajendrajain20/laravel-pioneer-cms - no_fix,swagger-api/swagger-ui - v2.2.3,dandisy/webcore - 1.0.6,sergeyfast/eazy-jsonrpc - v1.0,cr3a7ure/core - dev-docminor,kubotak-is/l5-swagger - 4.0.1,luracast/restler - 1.0.20,folksyfolks/l5-swagger - 2.1,raftx24/l5-swagger - v2.0,kubotak-is/l5-swagger - 3.0.1,mreko/l5-swagger - 4.0.1,mymdz/l5-swagger - 5.0,vjeantet/silex-simple-rest-swagger - no_fix,mreko/l5-swagger - 3.0.1,dreamfactory/df-swagger-ui - no_fix,govtnz/swagger-ui - v1.0,ci-blox/ignition-go - 1.0.0-beta.1,hos/hos-framework - no_fix,pmvc-app/swagger_ui - no_fix,ernestoponce/slimproject - no_fix,jinsoft/laravel-swagger - no_fix,jym.identityserver.swagger - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,steamuloabeaujou/api-platform - v2.0.0-rc.1,iwanli/laravel5-swagger - no_fix,davigs/swagger-lume - 2.0,restler/framework - 3.0.0-RC1,restler/framework - 4.0.0,kubotak-is/l5-swagger - v2.0,mreko/l5-swagger - v2.0,cr3a7ure/core - no_fix,sjje/swaggervel - dev-master,darkaonline/l5-swagger - v2.0,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,keeko/developer-app - v0.2,restler/framework - 5.07,mahmoodbabaei/etribes-code-challenge - no_fix,swagger-ui - 2.2.3,jessekoska/swagger-lume - v2.0.24,servicestack.api.swagger - 4.5.12,juzaweb/l5-swagger - 5.0,dennis1804/iq-swagger - no_fix,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,digitalunited/wp-elastic-api - v0.1.2,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,dhawton/l5-swagger-redoc - 3.0.1,damian-nz/l5-swagger - 3.2,dreamfactory/df-swagger-ui - v2.2.3,dhawton/l5-swagger-redoc - 4.0.1,dreamfactory/app-admin - no_fix,dandisy/adminlte-templates - 1.2.2,alexmaramaldo/swaggervel-2 - no_fix,hadeswang/jlapp-swaggervel - 1.0.x-dev,nservicekit.api.swagger - no_fix,dandisy/laravel-generator - 1.0.0,damian-nz/l5-swagger - dev-master,sergeyfast/eazy-jsonrpc - no_fix,servicestack.api.swagger - 4.0.35,pharmit/swaggervel - 1.0.x-dev,imikemiller/l5-swagger-redoc - v2.0,dandisy/laravel-generator - 1.2.7,raftx24/l5-swagger - 3.0.1,imikemiller/l5-swagger-redoc - 3.0.1
Vulnerable Library - swagger-ui-2.1.2.min.js
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js
Dependency Hierarchy:
Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982
Found in base branch: AltoroJ-3.2
Vulnerability Details
swagger-ui before 3.18.0 has Reverse Tabnapping vulnerability. using target='_blank' in anchor tags, allowing attackers to access window.opener for the original page.
Publish Date: 2026-05-14
URL: WS-2019-0171
CVSS 3 Score Details (4.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.mend.io/vulnerability-database/WS-2019-0171
Release Date: 2026-05-14
Fix Resolution: swagger-ui - 3.18.0,swagger-ui - 3.18.0