Skip to content

swagger-ui-2.1.2.min.js: 14 vulnerabilities (highest severity is: 9.8) #12

Description

@mend-for-github-com
Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Vulnerabilities

Vulnerability Severity CVSS Dependency Type Fixed in (swagger-ui version) Remediation Possible**
CVE-2019-17495 Critical 9.8 swagger-ui-2.1.2.min.js Direct swagger-ui - 3.23.11, io.springfox:springfox-swagger-ui:2.10.0
WS-2016-0034 High 7.3 swagger-ui-2.1.2.min.js Direct zfcampus/zf-apigility-documentation-swagger - 1.3.0,rich2k/l5-swagger - 3.x-dev,digitalunited/wp-elastic-api - v0.1.3,vsmoraes/swagger-ui-bundle - no_fix,servicestack.api.swagger - 4.0.8,steamuloabeaujou/api-platform - v2.0.0-rc.1,pleio/pleio_rest - no_fix,keeko/developer-app - v0.2,mahmoodbabaei/etribes-code-challenge - no_fix,kizi/easyminer-easyminercenter - v2.0,helingfeng/l5-swagger - 3.x-dev,luracast/restler - 4.0.0,sjje/swaggervel - dev-master,firdaushatta/l5-swagger - 3.2,luracast/restler - 5.0.6,hadeswang/jlapp-swaggervel - 1.0.x-dev,zfcampus/zf-apigility-documentation-swagger - dev-master,imjarek/laravel-swagger - 3.x-dev,juzaweb/l5-swagger - 3.x-dev,pharmit/swaggervel - 1.0.x-dev,rich2k/l5-swagger - 3.2,libgraviton/swagger-ui - v1.0,dreamfactory/app-admin - no_fix,swagger-ui - 2.1.5,digitalunited/wp-elastic-api - v0.1.2,hasangilak/l5-swagger - 3.x-dev,mymdz/l5-swagger - 3.x-dev,swagger-ui - 2.1.5,davigs/swagger-lume - 2.0,dandisy/webcore-base - no_fix,dolibarr/dolibarr - 9.0.0,activelamp/swagger-ui-bundle - dev-nelmio_integration,swagger-ui - 2.0.3,digitalunited/wp-elastic-api - v0.1.4,cr3a7ure/core - 2.1.x-dev,servicestack.api.swagger.signed - 4.0.35,bluzphp/skeleton - 2.0.2,servicestack.api.swagger - 4.0.35,hos/hos-framework - no_fix,damian-nz/l5-swagger - dev-master,restler/framework - 3.0.0-RC1,dandisy/adminlte-templates - 1.2.2,visiosoft/l5-swagger - 3.x-dev,odn.swagger.net - no_fix,vjeantet/silex-simple-rest-swagger - no_fix,smskin/l5-swagger - 3.2,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,dandisy/webcore - 1.0.6,restler/framework - 5.0.6,hasangilak/l5-swagger - 3.2,api-platform/core - v2.0.0-rc.1,pmvc-app/swagger_ui - no_fix,jessekoska/swagger-lume - v2.0.24,iwanli/laravel5-swagger - no_fix,dreamfactory/app-admin - 1.0.4,firdaushatta/l5-swagger - 3.x-dev,fxmonster/l5-swagger - 3.x-dev,dennis1804/iq-swagger - no_fix,restler/framework - 4.0.0,yaangvu/swagger-lume - 2.0,folksyfolks/l5-swagger - 3.1.4,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,dandisy/laravel-generator - 1.0.0,dandisy/webcore-base - 1.0.0,alexmaramaldo/swaggervel-2 - no_fix,ernestoponce/slimproject - no_fix,luracast/restler - 2.2.0,sergeyfast/eazy-jsonrpc - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,imjarek/laravel-swagger - 3.2,jinsoft/laravel-swagger - no_fix,kbrabrand/silex-swagger-ui - no_fix,sergeyfast/eazy-jsonrpc - v1.0,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,swagger-ui - 2.0.3,helingfeng/l5-swagger - 3.2,jjdoor/swagger-lume - 2.0,jlapp/swaggervel - 1.0.x-dev,nservicekit.api.swagger - no_fix,jym.identityserver.swagger - no_fix,smskin/l5-swagger - 3.x-dev,fxmonster/l5-swagger - 3.2,rodchyn/api-platform-core - v2.0.0-rc.1,restler/framework - 5.07,openrastaswagger - 1.0.3.21,fmarmo/swagger-lume - 2.0,v2.1.5,ci-blox/ignition-go - 1.0.0-beta.1,luracast/restler - 1.0.20,digitalunited/wp-elastic-api - v0.1,juzaweb/l5-swagger - 3.2,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,riverslei/laravel-swagger - no_fix,dandisy/laravel-generator - 1.2.7,damian-nz/l5-swagger - 3.2,damian-nz/l5-swagger - 2.0.x-dev,mymdz/l5-swagger - 3.2,luracast/restler - 5.07
CVE-2016-1000226 High 7.3 swagger-ui-2.1.2.min.js Direct swagger-ui - 2.2.1
WS-2019-0172 Medium 6.5 swagger-ui-2.1.2.min.js Direct swagger-ui - 3.20.9,swagger-api/swagger-ui - v/3.18.0,swagger-ui - 3.20.9,kevupton/auto-swagger-ui - v0.0.1,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/dompurify-3.0.8,zhaojunlike/think-swagger - 1.0.0,esandri/swagger-ui-big - v2.0.0,swagger-api/swagger-ui - dev-fix/xml-oneOf,swagger-api/swagger-ui - dev-issue-5148,dreamfactory/df-swagger-ui - 3.3.1,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/babel/runtime-corejs3-7.22.3,westhack/think-swagger - no_fix,3.20.9,swagger-api/swagger-ui - 3.3.1,swagger-api/swagger-ui - dev-fix-null-value-parsing,dreamfactory/df-swagger-ui - 0.2.0,dreamfactory/df-swagger-ui - v1.0,swagger-api/swagger-ui - dev-facelift,esandri/swagger-ui-big - v3.0.0,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/mocha-9.0.2,swagger-api/swagger-ui - v3.20.9,esandri/swagger-ui-big - no_fix,westhack/think-swagger - 1.0.0,kevupton/auto-swagger-ui - no_fix
CVE-2016-1000233 Medium 6.5 swagger-ui-2.1.2.min.js Direct 2.2.1
WS-2019-0236 Medium 6.1 swagger-ui-2.1.2.min.js Direct swagger-ui - 3.0.13,swagger-ui - 3.0.13
WS-2019-0235 Medium 6.1 swagger-ui-2.1.2.min.js Direct swagger-ui - 2.2.0,swagger-ui - 2.2.0
WS-2019-0234 Medium 6.1 swagger-ui-2.1.2.min.js Direct 2.2.1,rich2k/l5-swagger - 5.0,raftx24/l5-swagger - 4.0.1,swagger-ui - 2.2.2,mreko/l5-swagger - v2.0,pleio/pleio_rest - no_fix,restler/framework - 3.0.0-RC1,folksyfolks/l5-swagger - 2.1,servicestack.api.swagger - 4.0.8,imikemiller/l5-swagger-redoc - 3.0.1,kbrabrand/silex-swagger-ui - no_fix,dandisy/laravel-generator - 1.0.0,hos/hos-framework - no_fix,fxmonster/l5-swagger - 5.0,vswashbuckle.core - 1.0.1,servicestack.api.swagger - 4.0.35,folksyfolks/l5-swagger - 3.1.4,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,odn.swagger.net - no_fix,sergeyfast/eazy-jsonrpc - no_fix,pharmit/swaggervel - 1.0.x-dev,digitalunited/wp-elastic-api - v0.1,damian-nz/l5-swagger - dev-master,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,flask-apispec - 0.7.0,cromwell - 0.30,digitalunited/wp-elastic-api - v0.1.3,jjdoor/swagger-lume - 2.0,luracast/restler - 4.0.0,dhawton/l5-swagger-redoc - 3.0.1,ernestoponce/slimproject - no_fix,luracast/restler - 5.07,cr3a7ure/core - no_fix,dhawton/l5-swagger-redoc - 4.0.1,dreamfactory/app-admin - no_fix,nservicekit.api.swagger - no_fix,flask-apispec - 0.4.0,keeko/developer-app - v0.2,juzaweb/l5-swagger - 5.0,fmarmo/swagger-lume - 2.0,alexmaramaldo/swaggervel-2 - no_fix,openrastaswagger - 1.0.3.21,dennis1804/iq-swagger - no_fix,zfcampus/zf-apigility-documentation-swagger - 1.3.0,dandisy/webcore-base - no_fix,digitalunited/wp-elastic-api - v0.1.2,sergeyfast/eazy-jsonrpc - v1.0,firdaushatta/l5-swagger - 5.0,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,raftx24/l5-swagger - 3.0.1,vjeantet/silex-simple-rest-swagger - no_fix,luracast/restler - 1.0.20,hasangilak/l5-swagger - 5.0,davigs/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.5.12,iwanli/laravel5-swagger - no_fix,dandisy/laravel-generator - 1.2.7,jlapp/swaggervel - 1.0.x-dev,jym.identityserver.swagger - no_fix,pmvc-app/swagger_ui - no_fix,kizi/easyminer-easyminercenter - v2.0,mreko/l5-swagger - 3.0.1,raftx24/l5-swagger - v2.0,dandisy/webcore - 1.0.6,dandisy/adminlte-templates - 1.2.2,steamuloabeaujou/api-platform - v2.0.0-rc.1,dreamfactory/app-admin - 1.0.4,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,flask-apispec - 0.4.0,hadeswang/jlapp-swaggervel - 1.0.x-dev,luracast/restler - 2.2.0,smskin/l5-swagger - 5.0,luracast/restler - 5.0.6,gajendrajain20/laravel-pioneer-cms - no_fix,digitalunited/wp-elastic-api - v0.1.4,darkaonline/l5-swagger - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,open-resource-manager/core - no_fix,servicestack.api.swagger - 4.5.12,libgraviton/swagger-ui - v1.0,helingfeng/l5-swagger - 5.0,cr3a7ure/core - dev-docminor,restler/framework - 5.0.6,darkaonline/l5-swagger - 3.0.1,rodchyn/api-platform-core - v2.0.0-rc.1,kubotak-is/l5-swagger - 4.0.1,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,latrell/swagger - 1.0.2,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,imjarek/laravel-swagger - 5.0,servicestack.api.swagger.signed - 4.0.35,mreko/l5-swagger - 4.0.1,dolibarr/dolibarr - 9.0.0,mahmoodbabaei/etribes-code-challenge - no_fix,mymdz/l5-swagger - 5.0,bluzphp/skeleton - 2.0.2,kubotak-is/l5-swagger - v2.0,visiosoft/l5-swagger - 3.x-dev,yaangvu/swagger-lume - 2.0,damian-nz/l5-swagger - 3.2,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,restler/framework - 4.0.0,jessekoska/swagger-lume - v2.0.24,zfcampus/zf-apigility-documentation-swagger - dev-master,flask-apispec - 0.7.0,api-platform/core - v2.0.0-rc.1,vsmoraes/swagger-ui-bundle - no_fix,activelamp/swagger-ui-bundle - dev-nelmio_integration,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,swagger-ui - 2.2.2,imikemiller/l5-swagger-redoc - v2.0,dhawton/l5-swagger-redoc - v2.0,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,sjje/swaggervel - dev-master,ci-blox/ignition-go - 1.0.0-beta.1,kubotak-is/l5-swagger - 3.0.1,riverslei/laravel-swagger - no_fix,dandisy/webcore-base - 1.0.0,jinsoft/laravel-swagger - no_fix,restler/framework - 5.07
CVE-2016-5682 Medium 6.1 swagger-ui-2.1.2.min.js Direct swagger-ui - 2.2.1
CVE-2016-1000239 Medium 6.1 swagger-ui-2.1.2.min.js Direct 2.2.1,gajendrajain20/laravel-pioneer-cms - no_fix,pharmit/swaggervel - 1.0.x-dev,dreamfactory/df-api-docs-ui - 1.1.0,swagger-ui - 2.2.2,dhawton/l5-swagger-redoc - v2.0,kizi/easyminer-easyminercenter - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,hos/hos-framework - no_fix,ernestoponce/slimproject - no_fix,api-platform/core - v2.0.0-rc.1,sjje/swaggervel - dev-master,dhawton/l5-swagger-redoc - 3.0.1,dreamfactory/app-admin - 1.0.4,swagger-ui - 2.2.2,folksyfolks/l5-swagger - 2.1,dreamfactory/app-admin - no_fix,yaangvu/swagger-lume - 2.0,dennis1804/iq-swagger - no_fix,open-resource-manager/core - no_fix,latrell/swagger - 1.0.2,smskin/l5-swagger - 5.0,damian-nz/l5-swagger - dev-master,digitalunited/wp-elastic-api - v0.1.2,raftx24/l5-swagger - 3.0.1,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,dandisy/laravel-generator - 1.0.0,firdaushatta/l5-swagger - 5.0,mymdz/l5-swagger - 5.0,jym.identityserver.swagger - no_fix,darkaonline/l5-swagger - 3.0.1,digitalunited/wp-elastic-api - v0.1.4,vjeantet/silex-simple-rest-swagger - no_fix,rich2k/l5-swagger - 5.0,servicestack.api.swagger - 4.5.12,digitalunited/wp-elastic-api - v0.1,jjdoor/swagger-lume - 2.0,servicestack.api.swagger - 4.0.8,ci-blox/ignition-go - 1.0.0-beta.1,dandisy/webcore - 1.0.6,kbrabrand/silex-swagger-ui - no_fix,damian-nz/l5-swagger - 3.2,hadeswang/jlapp-swaggervel - 1.0.x-dev,keeko/developer-app - v0.2,dreamfactory/df-swagger-ui - 0.4.0,pmvc-app/swagger_ui - no_fix,hasangilak/l5-swagger - 5.0,servicestack.api.swagger - 4.0.35,darkaonline/l5-swagger - v2.0,alexmaramaldo/swaggervel-2 - no_fix,raftx24/l5-swagger - v2.0,sergeyfast/eazy-jsonrpc - no_fix,dhawton/l5-swagger-redoc - 4.0.1,imikemiller/l5-swagger-redoc - 3.0.1,zfcampus/zf-apigility-documentation-swagger - 1.3.0,zfcampus/zf-apigility-documentation-swagger - dev-master,dandisy/webcore-base - 1.0.0,helingfeng/l5-swagger - 5.0,kubotak-is/l5-swagger - v2.0,fxmonster/l5-swagger - 5.0,kubotak-is/l5-swagger - 3.0.1,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,odn.swagger.net - no_fix,nservicekit.api.swagger - no_fix,jinsoft/laravel-swagger - no_fix,dreamfactory/df-swagger-ui - no_fix,libgraviton/swagger-ui - v1.0,flask-apispec - 0.7.0,flask-apispec - 0.7.0,juzaweb/l5-swagger - 5.0,dandisy/adminlte-templates - 1.2.2,cr3a7ure/core - no_fix,dandisy/laravel-generator - 1.2.7,fmarmo/swagger-lume - 2.0,sergeyfast/eazy-jsonrpc - v1.0,raftx24/l5-swagger - 4.0.1,flask-apispec - 0.4.0,folksyfolks/l5-swagger - 3.1.4,jlapp/swaggervel - 1.0.x-dev,cromwell - 0.30,iwanli/laravel5-swagger - no_fix,davigs/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.0.35,imjarek/laravel-swagger - 5.0,activelamp/swagger-ui-bundle - dev-nelmio_integration,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,pleio/pleio_rest - no_fix,dandisy/webcore-base - no_fix,cr3a7ure/core - dev-docminor,openrastaswagger - 1.0.3.21,rodchyn/api-platform-core - v2.0.0-rc.1,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,mahmoodbabaei/etribes-code-challenge - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,govtnz/swagger-ui - v1.0,mreko/l5-swagger - 3.0.1,bluzphp/skeleton - 2.0.2,jessekoska/swagger-lume - v2.0.24,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,riverslei/laravel-swagger - no_fix,kubotak-is/l5-swagger - 4.0.1,digitalunited/wp-elastic-api - v0.1.3,mreko/l5-swagger - 4.0.1,steamuloabeaujou/api-platform - v2.0.0-rc.1,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,imikemiller/l5-swagger-redoc - v2.0,flask-apispec - 0.4.0,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,visiosoft/l5-swagger - 3.x-dev,mreko/l5-swagger - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,servicestack.api.swagger.signed - 4.5.12,vsmoraes/swagger-ui-bundle - no_fix
CVE-2016-1000229 Medium 6.1 swagger-ui-2.1.2.min.js Direct 2.2.1
WS-2017-0143 Medium 5.4 swagger-ui-2.1.2.min.js Direct 2.2.3,digitalunited/wp-elastic-api - v0.1,rich2k/l5-swagger - 5.0,open-resource-manager/core - no_fix,dolibarr/dolibarr - 9.0.0,fxmonster/l5-swagger - 5.0,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,openrastaswagger - 1.0.3.21,dreamfactory/df-swagger-ui - 0.4.0,digitalunited/wp-elastic-api - v0.1.3,dandisy/webcore-base - 1.0.0,yaangvu/swagger-lume - 2.0,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,smskin/l5-swagger - 5.0,luracast/restler - 2.2.0,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,restler/framework - 5.0.6,swagger-ui - 2.0.3,darkaonline/l5-swagger - 3.0.1,firdaushatta/l5-swagger - 5.0,raftx24/l5-swagger - 4.0.1,riverslei/laravel-swagger - no_fix,dandisy/webcore-base - no_fix,activelamp/swagger-ui-bundle - dev-nelmio_integration,dhawton/l5-swagger-redoc - v2.0,folksyfolks/l5-swagger - 3.1.4,pleio/pleio_rest - no_fix,odn.swagger.net - no_fix,digitalunited/wp-elastic-api - v0.1.4,servicestack.api.swagger - 4.0.8,visiosoft/l5-swagger - 3.x-dev,rodchyn/api-platform-core - v2.0.0-rc.1,vswashbuckle.core - 1.0.1,imjarek/laravel-swagger - 5.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,libgraviton/swagger-ui - v1.0,jlapp/swaggervel - 1.0.x-dev,luracast/restler - 5.07,swagger-ui - 2.0.3,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,zfcampus/zf-apigility-documentation-swagger - dev-master,latrell/swagger - 1.0.2,servicestack.api.swagger.signed - 4.5.12,swagger-ui - 2.2.3,hasangilak/l5-swagger - 5.0,helingfeng/l5-swagger - 5.0,zfcampus/zf-apigility-documentation-swagger - 1.3.0,bluzphp/skeleton - 2.0.2,jjdoor/swagger-lume - 2.0,luracast/restler - 4.0.0,luracast/restler - 5.0.6,kbrabrand/silex-swagger-ui - no_fix,api-platform/core - v2.0.0-rc.1,fmarmo/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.0.35,dreamfactory/df-api-docs-ui - 1.1.0,kizi/easyminer-easyminercenter - v2.0,vsmoraes/swagger-ui-bundle - no_fix,dreamfactory/app-admin - 1.0.4,gajendrajain20/laravel-pioneer-cms - no_fix,swagger-api/swagger-ui - v2.2.3,dandisy/webcore - 1.0.6,sergeyfast/eazy-jsonrpc - v1.0,cr3a7ure/core - dev-docminor,kubotak-is/l5-swagger - 4.0.1,luracast/restler - 1.0.20,folksyfolks/l5-swagger - 2.1,raftx24/l5-swagger - v2.0,kubotak-is/l5-swagger - 3.0.1,mreko/l5-swagger - 4.0.1,mymdz/l5-swagger - 5.0,vjeantet/silex-simple-rest-swagger - no_fix,mreko/l5-swagger - 3.0.1,dreamfactory/df-swagger-ui - no_fix,govtnz/swagger-ui - v1.0,ci-blox/ignition-go - 1.0.0-beta.1,hos/hos-framework - no_fix,pmvc-app/swagger_ui - no_fix,ernestoponce/slimproject - no_fix,jinsoft/laravel-swagger - no_fix,jym.identityserver.swagger - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,steamuloabeaujou/api-platform - v2.0.0-rc.1,iwanli/laravel5-swagger - no_fix,davigs/swagger-lume - 2.0,restler/framework - 3.0.0-RC1,restler/framework - 4.0.0,kubotak-is/l5-swagger - v2.0,mreko/l5-swagger - v2.0,cr3a7ure/core - no_fix,sjje/swaggervel - dev-master,darkaonline/l5-swagger - v2.0,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,keeko/developer-app - v0.2,restler/framework - 5.07,mahmoodbabaei/etribes-code-challenge - no_fix,swagger-ui - 2.2.3,jessekoska/swagger-lume - v2.0.24,servicestack.api.swagger - 4.5.12,juzaweb/l5-swagger - 5.0,dennis1804/iq-swagger - no_fix,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,digitalunited/wp-elastic-api - v0.1.2,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,dhawton/l5-swagger-redoc - 3.0.1,damian-nz/l5-swagger - 3.2,dreamfactory/df-swagger-ui - v2.2.3,dhawton/l5-swagger-redoc - 4.0.1,dreamfactory/app-admin - no_fix,dandisy/adminlte-templates - 1.2.2,alexmaramaldo/swaggervel-2 - no_fix,hadeswang/jlapp-swaggervel - 1.0.x-dev,nservicekit.api.swagger - no_fix,dandisy/laravel-generator - 1.0.0,damian-nz/l5-swagger - dev-master,sergeyfast/eazy-jsonrpc - no_fix,servicestack.api.swagger - 4.0.35,pharmit/swaggervel - 1.0.x-dev,imikemiller/l5-swagger-redoc - v2.0,dandisy/laravel-generator - 1.2.7,raftx24/l5-swagger - 3.0.1,imikemiller/l5-swagger-redoc - 3.0.1
WS-2019-0171 Medium 4.3 swagger-ui-2.1.2.min.js Direct swagger-ui - 3.18.0,swagger-ui - 3.18.0
CVE-2018-25031 Medium 4.3 swagger-ui-2.1.2.min.js Direct swagger-ui - 4.1.3;swagger-ui-dist - 4.1.3

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (13 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2019-17495

Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Dependency Hierarchy:

  • swagger-ui-2.1.2.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@⁠import within the JSON data was a functional attack method.

Publish Date: 2019-10-10

URL: CVE-2019-17495

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/maven/io.springfox/springfox-swagger-ui/CVE-2019-17495.yml

Release Date: 2019-10-10

Fix Resolution: swagger-ui - 3.23.11, io.springfox:springfox-swagger-ui:2.10.0

WS-2016-0034

Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Dependency Hierarchy:

  • swagger-ui-2.1.2.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

Swagger-ui has vulnerability when "Produces" and "consumes" Content-types in schema are not escaped and allow XSS

Publish Date: 2026-05-19

URL: WS-2016-0034

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.mend.io/vulnerability-database/WS-2016-0034

Release Date: 2026-05-14

Fix Resolution: zfcampus/zf-apigility-documentation-swagger - 1.3.0,rich2k/l5-swagger - 3.x-dev,digitalunited/wp-elastic-api - v0.1.3,vsmoraes/swagger-ui-bundle - no_fix,servicestack.api.swagger - 4.0.8,steamuloabeaujou/api-platform - v2.0.0-rc.1,pleio/pleio_rest - no_fix,keeko/developer-app - v0.2,mahmoodbabaei/etribes-code-challenge - no_fix,kizi/easyminer-easyminercenter - v2.0,helingfeng/l5-swagger - 3.x-dev,luracast/restler - 4.0.0,sjje/swaggervel - dev-master,firdaushatta/l5-swagger - 3.2,luracast/restler - 5.0.6,hadeswang/jlapp-swaggervel - 1.0.x-dev,zfcampus/zf-apigility-documentation-swagger - dev-master,imjarek/laravel-swagger - 3.x-dev,juzaweb/l5-swagger - 3.x-dev,pharmit/swaggervel - 1.0.x-dev,rich2k/l5-swagger - 3.2,libgraviton/swagger-ui - v1.0,dreamfactory/app-admin - no_fix,swagger-ui - 2.1.5,digitalunited/wp-elastic-api - v0.1.2,hasangilak/l5-swagger - 3.x-dev,mymdz/l5-swagger - 3.x-dev,swagger-ui - 2.1.5,davigs/swagger-lume - 2.0,dandisy/webcore-base - no_fix,dolibarr/dolibarr - 9.0.0,activelamp/swagger-ui-bundle - dev-nelmio_integration,swagger-ui - 2.0.3,digitalunited/wp-elastic-api - v0.1.4,cr3a7ure/core - 2.1.x-dev,servicestack.api.swagger.signed - 4.0.35,bluzphp/skeleton - 2.0.2,servicestack.api.swagger - 4.0.35,hos/hos-framework - no_fix,damian-nz/l5-swagger - dev-master,restler/framework - 3.0.0-RC1,dandisy/adminlte-templates - 1.2.2,visiosoft/l5-swagger - 3.x-dev,odn.swagger.net - no_fix,vjeantet/silex-simple-rest-swagger - no_fix,smskin/l5-swagger - 3.2,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,dandisy/webcore - 1.0.6,restler/framework - 5.0.6,hasangilak/l5-swagger - 3.2,api-platform/core - v2.0.0-rc.1,pmvc-app/swagger_ui - no_fix,jessekoska/swagger-lume - v2.0.24,iwanli/laravel5-swagger - no_fix,dreamfactory/app-admin - 1.0.4,firdaushatta/l5-swagger - 3.x-dev,fxmonster/l5-swagger - 3.x-dev,dennis1804/iq-swagger - no_fix,restler/framework - 4.0.0,yaangvu/swagger-lume - 2.0,folksyfolks/l5-swagger - 3.1.4,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,dandisy/laravel-generator - 1.0.0,dandisy/webcore-base - 1.0.0,alexmaramaldo/swaggervel-2 - no_fix,ernestoponce/slimproject - no_fix,luracast/restler - 2.2.0,sergeyfast/eazy-jsonrpc - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,imjarek/laravel-swagger - 3.2,jinsoft/laravel-swagger - no_fix,kbrabrand/silex-swagger-ui - no_fix,sergeyfast/eazy-jsonrpc - v1.0,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,swagger-ui - 2.0.3,helingfeng/l5-swagger - 3.2,jjdoor/swagger-lume - 2.0,jlapp/swaggervel - 1.0.x-dev,nservicekit.api.swagger - no_fix,jym.identityserver.swagger - no_fix,smskin/l5-swagger - 3.x-dev,fxmonster/l5-swagger - 3.2,rodchyn/api-platform-core - v2.0.0-rc.1,restler/framework - 5.07,openrastaswagger - 1.0.3.21,fmarmo/swagger-lume - 2.0,v2.1.5,ci-blox/ignition-go - 1.0.0-beta.1,luracast/restler - 1.0.20,digitalunited/wp-elastic-api - v0.1,juzaweb/l5-swagger - 3.2,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,riverslei/laravel-swagger - no_fix,dandisy/laravel-generator - 1.2.7,damian-nz/l5-swagger - 3.2,damian-nz/l5-swagger - 2.0.x-dev,mymdz/l5-swagger - 3.2,luracast/restler - 5.07

CVE-2016-1000226

Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Dependency Hierarchy:

  • swagger-ui-2.1.2.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

Affected versions of "swagger-ui" are vulnerable to cross-site scripting in both the "consumes" and "produces" parameters of the swagger JSON document for a given API. Additionally, "swagger-ui" allows users to load arbitrary swagger JSON documents via the query string parameter "url", allowing an attacker to exploit this attack against any user that the attacker can convince to visit a crafted link. Proof of Concept http://<USER_HOSTNAME>/swagger-ui/index.html?url=http://<MALICIOUS_HOSTNAME>/malicious-swagger-file.json Recommendation Update to version 2.2.1 or later.

Publish Date: 2026-05-14

URL: CVE-2016-1000226

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-7f59-x49p-v8mq

Release Date: 2026-05-14

Fix Resolution: swagger-ui - 2.2.1

WS-2019-0172

Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Dependency Hierarchy:

  • swagger-ui-2.1.2.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

swagger-ui before 3.20.9 fails to sanitize URLs used in the OAuth auth flow, which may allow attackers to execute arbitrary JavaScript. that leads to Cross-Site Scripting

Publish Date: 2026-05-27

URL: WS-2019-0172

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.mend.io/vulnerability-database/WS-2019-0172

Release Date: 2026-05-14

Fix Resolution: swagger-ui - 3.20.9,swagger-api/swagger-ui - v/3.18.0,swagger-ui - 3.20.9,kevupton/auto-swagger-ui - v0.0.1,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/dompurify-3.0.8,zhaojunlike/think-swagger - 1.0.0,esandri/swagger-ui-big - v2.0.0,swagger-api/swagger-ui - dev-fix/xml-oneOf,swagger-api/swagger-ui - dev-issue-5148,dreamfactory/df-swagger-ui - 3.3.1,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/babel/runtime-corejs3-7.22.3,westhack/think-swagger - no_fix,3.20.9,swagger-api/swagger-ui - 3.3.1,swagger-api/swagger-ui - dev-fix-null-value-parsing,dreamfactory/df-swagger-ui - 0.2.0,dreamfactory/df-swagger-ui - v1.0,swagger-api/swagger-ui - dev-facelift,esandri/swagger-ui-big - v3.0.0,swagger-api/swagger-ui - dev-dependabot/npm_and_yarn/mocha-9.0.2,swagger-api/swagger-ui - v3.20.9,esandri/swagger-ui-big - no_fix,westhack/think-swagger - 1.0.0,kevupton/auto-swagger-ui - no_fix

CVE-2016-1000233

Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Dependency Hierarchy:

  • swagger-ui-2.1.2.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

Affected versions of "swagger-ui" are vulnerable to cross-site scripting. This vulnerability exists because "swagger-ui" automatically executes external Javascript that is loaded in via the "url" query string parameter when a "Content-Type: application/javascript" header is included. An attacker can create a server that replies with a malicious script and the proper content-type, and then craft a "swagger-ui" URL that includes the location to their server/script in the "url" query string parameter. When viewed, such a link would execute the attacker's malicious script. Recommendation Update to 2.2.1 or later.

Publish Date: 2026-05-19

URL: CVE-2016-1000233

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082

Release Date: 2024-11-03

Fix Resolution: 2.2.1

WS-2019-0236

Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Dependency Hierarchy:

  • swagger-ui-2.1.2.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

swagger-ui versions before 3.0.13 are vulnerable to XSS when it fails to sanitize YAML files imported from URLs or copied-pasted. This may allow attackers to execute arbitrary JavaScript.

Publish Date: 2026-05-14

URL: WS-2019-0236

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.mend.io/vulnerability-database/WS-2019-0236

Release Date: 2026-05-14

Fix Resolution: swagger-ui - 3.0.13,swagger-ui - 3.0.13

WS-2019-0235

Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Dependency Hierarchy:

  • swagger-ui-2.1.2.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

swagger-ui versions before 2.2.1 are vulnerable to XSS when it fails to encode output in GET requests. The request is meant to respond with Content-Type application/json which does not trigger the vulnerability but if the web server changes the header to text/html it may allow attackers to execute arbitrary JavaScript.

Publish Date: 2026-05-14

URL: WS-2019-0235

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.mend.io/vulnerability-database/WS-2019-0235

Release Date: 2026-05-14

Fix Resolution: swagger-ui - 2.2.0,swagger-ui - 2.2.0

WS-2019-0234

Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Dependency Hierarchy:

  • swagger-ui-2.1.2.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

swagger-ui versions before 2.2.1 are vulnerable to XSS when allowing HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript.

Publish Date: 2026-05-19

URL: WS-2019-0234

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082

Release Date: 2015-01-28

Fix Resolution: 2.2.1,rich2k/l5-swagger - 5.0,raftx24/l5-swagger - 4.0.1,swagger-ui - 2.2.2,mreko/l5-swagger - v2.0,pleio/pleio_rest - no_fix,restler/framework - 3.0.0-RC1,folksyfolks/l5-swagger - 2.1,servicestack.api.swagger - 4.0.8,imikemiller/l5-swagger-redoc - 3.0.1,kbrabrand/silex-swagger-ui - no_fix,dandisy/laravel-generator - 1.0.0,hos/hos-framework - no_fix,fxmonster/l5-swagger - 5.0,vswashbuckle.core - 1.0.1,servicestack.api.swagger - 4.0.35,folksyfolks/l5-swagger - 3.1.4,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,odn.swagger.net - no_fix,sergeyfast/eazy-jsonrpc - no_fix,pharmit/swaggervel - 1.0.x-dev,digitalunited/wp-elastic-api - v0.1,damian-nz/l5-swagger - dev-master,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,flask-apispec - 0.7.0,cromwell - 0.30,digitalunited/wp-elastic-api - v0.1.3,jjdoor/swagger-lume - 2.0,luracast/restler - 4.0.0,dhawton/l5-swagger-redoc - 3.0.1,ernestoponce/slimproject - no_fix,luracast/restler - 5.07,cr3a7ure/core - no_fix,dhawton/l5-swagger-redoc - 4.0.1,dreamfactory/app-admin - no_fix,nservicekit.api.swagger - no_fix,flask-apispec - 0.4.0,keeko/developer-app - v0.2,juzaweb/l5-swagger - 5.0,fmarmo/swagger-lume - 2.0,alexmaramaldo/swaggervel-2 - no_fix,openrastaswagger - 1.0.3.21,dennis1804/iq-swagger - no_fix,zfcampus/zf-apigility-documentation-swagger - 1.3.0,dandisy/webcore-base - no_fix,digitalunited/wp-elastic-api - v0.1.2,sergeyfast/eazy-jsonrpc - v1.0,firdaushatta/l5-swagger - 5.0,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,raftx24/l5-swagger - 3.0.1,vjeantet/silex-simple-rest-swagger - no_fix,luracast/restler - 1.0.20,hasangilak/l5-swagger - 5.0,davigs/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.5.12,iwanli/laravel5-swagger - no_fix,dandisy/laravel-generator - 1.2.7,jlapp/swaggervel - 1.0.x-dev,jym.identityserver.swagger - no_fix,pmvc-app/swagger_ui - no_fix,kizi/easyminer-easyminercenter - v2.0,mreko/l5-swagger - 3.0.1,raftx24/l5-swagger - v2.0,dandisy/webcore - 1.0.6,dandisy/adminlte-templates - 1.2.2,steamuloabeaujou/api-platform - v2.0.0-rc.1,dreamfactory/app-admin - 1.0.4,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,flask-apispec - 0.4.0,hadeswang/jlapp-swaggervel - 1.0.x-dev,luracast/restler - 2.2.0,smskin/l5-swagger - 5.0,luracast/restler - 5.0.6,gajendrajain20/laravel-pioneer-cms - no_fix,digitalunited/wp-elastic-api - v0.1.4,darkaonline/l5-swagger - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,open-resource-manager/core - no_fix,servicestack.api.swagger - 4.5.12,libgraviton/swagger-ui - v1.0,helingfeng/l5-swagger - 5.0,cr3a7ure/core - dev-docminor,restler/framework - 5.0.6,darkaonline/l5-swagger - 3.0.1,rodchyn/api-platform-core - v2.0.0-rc.1,kubotak-is/l5-swagger - 4.0.1,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,latrell/swagger - 1.0.2,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,imjarek/laravel-swagger - 5.0,servicestack.api.swagger.signed - 4.0.35,mreko/l5-swagger - 4.0.1,dolibarr/dolibarr - 9.0.0,mahmoodbabaei/etribes-code-challenge - no_fix,mymdz/l5-swagger - 5.0,bluzphp/skeleton - 2.0.2,kubotak-is/l5-swagger - v2.0,visiosoft/l5-swagger - 3.x-dev,yaangvu/swagger-lume - 2.0,damian-nz/l5-swagger - 3.2,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,restler/framework - 4.0.0,jessekoska/swagger-lume - v2.0.24,zfcampus/zf-apigility-documentation-swagger - dev-master,flask-apispec - 0.7.0,api-platform/core - v2.0.0-rc.1,vsmoraes/swagger-ui-bundle - no_fix,activelamp/swagger-ui-bundle - dev-nelmio_integration,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,swagger-ui - 2.2.2,imikemiller/l5-swagger-redoc - v2.0,dhawton/l5-swagger-redoc - v2.0,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,sjje/swaggervel - dev-master,ci-blox/ignition-go - 1.0.0-beta.1,kubotak-is/l5-swagger - 3.0.1,riverslei/laravel-swagger - no_fix,dandisy/webcore-base - 1.0.0,jinsoft/laravel-swagger - no_fix,restler/framework - 5.07

CVE-2016-5682

Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Dependency Hierarchy:

  • swagger-ui-2.1.2.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.

Publish Date: 2017-04-10

URL: CVE-2016-5682

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-p239-93f7-h6xf

Release Date: 2017-04-10

Fix Resolution: swagger-ui - 2.2.1

CVE-2016-1000239

Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Dependency Hierarchy:

  • swagger-ui-2.1.2.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

swagger-ui versions before 2.2.1 vulnerable to cross-site scripting via the url query string parameter.

Publish Date: 2026-05-19

URL: CVE-2016-1000239

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/137

Release Date: 2019-07-11

Fix Resolution: 2.2.1,gajendrajain20/laravel-pioneer-cms - no_fix,pharmit/swaggervel - 1.0.x-dev,dreamfactory/df-api-docs-ui - 1.1.0,swagger-ui - 2.2.2,dhawton/l5-swagger-redoc - v2.0,kizi/easyminer-easyminercenter - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,hos/hos-framework - no_fix,ernestoponce/slimproject - no_fix,api-platform/core - v2.0.0-rc.1,sjje/swaggervel - dev-master,dhawton/l5-swagger-redoc - 3.0.1,dreamfactory/app-admin - 1.0.4,swagger-ui - 2.2.2,folksyfolks/l5-swagger - 2.1,dreamfactory/app-admin - no_fix,yaangvu/swagger-lume - 2.0,dennis1804/iq-swagger - no_fix,open-resource-manager/core - no_fix,latrell/swagger - 1.0.2,smskin/l5-swagger - 5.0,damian-nz/l5-swagger - dev-master,digitalunited/wp-elastic-api - v0.1.2,raftx24/l5-swagger - 3.0.1,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,dandisy/laravel-generator - 1.0.0,firdaushatta/l5-swagger - 5.0,mymdz/l5-swagger - 5.0,jym.identityserver.swagger - no_fix,darkaonline/l5-swagger - 3.0.1,digitalunited/wp-elastic-api - v0.1.4,vjeantet/silex-simple-rest-swagger - no_fix,rich2k/l5-swagger - 5.0,servicestack.api.swagger - 4.5.12,digitalunited/wp-elastic-api - v0.1,jjdoor/swagger-lume - 2.0,servicestack.api.swagger - 4.0.8,ci-blox/ignition-go - 1.0.0-beta.1,dandisy/webcore - 1.0.6,kbrabrand/silex-swagger-ui - no_fix,damian-nz/l5-swagger - 3.2,hadeswang/jlapp-swaggervel - 1.0.x-dev,keeko/developer-app - v0.2,dreamfactory/df-swagger-ui - 0.4.0,pmvc-app/swagger_ui - no_fix,hasangilak/l5-swagger - 5.0,servicestack.api.swagger - 4.0.35,darkaonline/l5-swagger - v2.0,alexmaramaldo/swaggervel-2 - no_fix,raftx24/l5-swagger - v2.0,sergeyfast/eazy-jsonrpc - no_fix,dhawton/l5-swagger-redoc - 4.0.1,imikemiller/l5-swagger-redoc - 3.0.1,zfcampus/zf-apigility-documentation-swagger - 1.3.0,zfcampus/zf-apigility-documentation-swagger - dev-master,dandisy/webcore-base - 1.0.0,helingfeng/l5-swagger - 5.0,kubotak-is/l5-swagger - v2.0,fxmonster/l5-swagger - 5.0,kubotak-is/l5-swagger - 3.0.1,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,odn.swagger.net - no_fix,nservicekit.api.swagger - no_fix,jinsoft/laravel-swagger - no_fix,dreamfactory/df-swagger-ui - no_fix,libgraviton/swagger-ui - v1.0,flask-apispec - 0.7.0,flask-apispec - 0.7.0,juzaweb/l5-swagger - 5.0,dandisy/adminlte-templates - 1.2.2,cr3a7ure/core - no_fix,dandisy/laravel-generator - 1.2.7,fmarmo/swagger-lume - 2.0,sergeyfast/eazy-jsonrpc - v1.0,raftx24/l5-swagger - 4.0.1,flask-apispec - 0.4.0,folksyfolks/l5-swagger - 3.1.4,jlapp/swaggervel - 1.0.x-dev,cromwell - 0.30,iwanli/laravel5-swagger - no_fix,davigs/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.0.35,imjarek/laravel-swagger - 5.0,activelamp/swagger-ui-bundle - dev-nelmio_integration,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,pleio/pleio_rest - no_fix,dandisy/webcore-base - no_fix,cr3a7ure/core - dev-docminor,openrastaswagger - 1.0.3.21,rodchyn/api-platform-core - v2.0.0-rc.1,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,mahmoodbabaei/etribes-code-challenge - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,govtnz/swagger-ui - v1.0,mreko/l5-swagger - 3.0.1,bluzphp/skeleton - 2.0.2,jessekoska/swagger-lume - v2.0.24,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,riverslei/laravel-swagger - no_fix,kubotak-is/l5-swagger - 4.0.1,digitalunited/wp-elastic-api - v0.1.3,mreko/l5-swagger - 4.0.1,steamuloabeaujou/api-platform - v2.0.0-rc.1,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,imikemiller/l5-swagger-redoc - v2.0,flask-apispec - 0.4.0,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,visiosoft/l5-swagger - 3.x-dev,mreko/l5-swagger - v2.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,servicestack.api.swagger.signed - 4.5.12,vsmoraes/swagger-ui-bundle - no_fix

CVE-2016-1000229

Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Dependency Hierarchy:

  • swagger-ui-2.1.2.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

swagger-ui has XSS in key names

Publish Date: 2019-12-20

URL: CVE-2016-1000229

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/126

Release Date: 2019-12-20

Fix Resolution: 2.2.1

WS-2017-0143

Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Dependency Hierarchy:

  • swagger-ui-2.1.2.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

Affected versions of the package are vulnerable to Cross-site Scripting (XSS) due to not escaping html script tags.

Publish Date: 2026-05-19

URL: WS-2017-0143

CVSS 3 Score Details (5.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2016-09-01

Fix Resolution: 2.2.3,digitalunited/wp-elastic-api - v0.1,rich2k/l5-swagger - 5.0,open-resource-manager/core - no_fix,dolibarr/dolibarr - 9.0.0,fxmonster/l5-swagger - 5.0,dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1,openrastaswagger - 1.0.3.21,dreamfactory/df-swagger-ui - 0.4.0,digitalunited/wp-elastic-api - v0.1.3,dandisy/webcore-base - 1.0.0,yaangvu/swagger-lume - 2.0,vsmoraes/swagger-ui-bundle - dev-nelmio_integration,smskin/l5-swagger - 5.0,luracast/restler - 2.2.0,folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4,restler/framework - 5.0.6,swagger-ui - 2.0.3,darkaonline/l5-swagger - 3.0.1,firdaushatta/l5-swagger - 5.0,raftx24/l5-swagger - 4.0.1,riverslei/laravel-swagger - no_fix,dandisy/webcore-base - no_fix,activelamp/swagger-ui-bundle - dev-nelmio_integration,dhawton/l5-swagger-redoc - v2.0,folksyfolks/l5-swagger - 3.1.4,pleio/pleio_rest - no_fix,odn.swagger.net - no_fix,digitalunited/wp-elastic-api - v0.1.4,servicestack.api.swagger - 4.0.8,visiosoft/l5-swagger - 3.x-dev,rodchyn/api-platform-core - v2.0.0-rc.1,vswashbuckle.core - 1.0.1,imjarek/laravel-swagger - 5.0,firdaushatta/l5-swagger - dev-firdaushatta-patch-1,libgraviton/swagger-ui - v1.0,jlapp/swaggervel - 1.0.x-dev,luracast/restler - 5.07,swagger-ui - 2.0.3,laminas-api-tools/api-tools-documentation-swagger - 1.3.0,zfcampus/zf-apigility-documentation-swagger - dev-master,latrell/swagger - 1.0.2,servicestack.api.swagger.signed - 4.5.12,swagger-ui - 2.2.3,hasangilak/l5-swagger - 5.0,helingfeng/l5-swagger - 5.0,zfcampus/zf-apigility-documentation-swagger - 1.3.0,bluzphp/skeleton - 2.0.2,jjdoor/swagger-lume - 2.0,luracast/restler - 4.0.0,luracast/restler - 5.0.6,kbrabrand/silex-swagger-ui - no_fix,api-platform/core - v2.0.0-rc.1,fmarmo/swagger-lume - 2.0,servicestack.api.swagger.signed - 4.0.35,dreamfactory/df-api-docs-ui - 1.1.0,kizi/easyminer-easyminercenter - v2.0,vsmoraes/swagger-ui-bundle - no_fix,dreamfactory/app-admin - 1.0.4,gajendrajain20/laravel-pioneer-cms - no_fix,swagger-api/swagger-ui - v2.2.3,dandisy/webcore - 1.0.6,sergeyfast/eazy-jsonrpc - v1.0,cr3a7ure/core - dev-docminor,kubotak-is/l5-swagger - 4.0.1,luracast/restler - 1.0.20,folksyfolks/l5-swagger - 2.1,raftx24/l5-swagger - v2.0,kubotak-is/l5-swagger - 3.0.1,mreko/l5-swagger - 4.0.1,mymdz/l5-swagger - 5.0,vjeantet/silex-simple-rest-swagger - no_fix,mreko/l5-swagger - 3.0.1,dreamfactory/df-swagger-ui - no_fix,govtnz/swagger-ui - v1.0,ci-blox/ignition-go - 1.0.0-beta.1,hos/hos-framework - no_fix,pmvc-app/swagger_ui - no_fix,ernestoponce/slimproject - no_fix,jinsoft/laravel-swagger - no_fix,jym.identityserver.swagger - no_fix,dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16,steamuloabeaujou/api-platform - v2.0.0-rc.1,iwanli/laravel5-swagger - no_fix,davigs/swagger-lume - 2.0,restler/framework - 3.0.0-RC1,restler/framework - 4.0.0,kubotak-is/l5-swagger - v2.0,mreko/l5-swagger - v2.0,cr3a7ure/core - no_fix,sjje/swaggervel - dev-master,darkaonline/l5-swagger - v2.0,darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4,imikemiller/l5-swagger-redoc - 4.0.1,keeko/developer-app - v0.2,restler/framework - 5.07,mahmoodbabaei/etribes-code-challenge - no_fix,swagger-ui - 2.2.3,jessekoska/swagger-lume - v2.0.24,servicestack.api.swagger - 4.5.12,juzaweb/l5-swagger - 5.0,dennis1804/iq-swagger - no_fix,firdaushatta/l5-swagger - dev-firdaushatta-patch-2,ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70,digitalunited/wp-elastic-api - v0.1.2,firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4,dhawton/l5-swagger-redoc - 3.0.1,damian-nz/l5-swagger - 3.2,dreamfactory/df-swagger-ui - v2.2.3,dhawton/l5-swagger-redoc - 4.0.1,dreamfactory/app-admin - no_fix,dandisy/adminlte-templates - 1.2.2,alexmaramaldo/swaggervel-2 - no_fix,hadeswang/jlapp-swaggervel - 1.0.x-dev,nservicekit.api.swagger - no_fix,dandisy/laravel-generator - 1.0.0,damian-nz/l5-swagger - dev-master,sergeyfast/eazy-jsonrpc - no_fix,servicestack.api.swagger - 4.0.35,pharmit/swaggervel - 1.0.x-dev,imikemiller/l5-swagger-redoc - v2.0,dandisy/laravel-generator - 1.2.7,raftx24/l5-swagger - 3.0.1,imikemiller/l5-swagger-redoc - 3.0.1

WS-2019-0171

Vulnerable Library - swagger-ui-2.1.2.min.js

Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.1.2/swagger-ui.min.js

Dependency Hierarchy:

  • swagger-ui-2.1.2.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

swagger-ui before 3.18.0 has Reverse Tabnapping vulnerability. using target='_blank' in anchor tags, allowing attackers to access window.opener for the original page.

Publish Date: 2026-05-14

URL: WS-2019-0171

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.mend.io/vulnerability-database/WS-2019-0171

Release Date: 2026-05-14

Fix Resolution: swagger-ui - 3.18.0,swagger-ui - 3.18.0

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions