Swagger-ui CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2016-5682	1 Smartbear	1 Swagger-ui	2025-04-20	6.1 Medium
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
CVE-2021-46708	1 Smartbear	1 Swagger-ui-dist	2024-11-21	6.1 Medium
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVE-2016-1000229	2 Redhat, Smartbear	4 Jboss Amq, Jboss Fuse, Openshift and 1 more	2024-11-21	6.1 Medium
swagger-ui has XSS in key names

Page 1 of 1.