Smartbear Swagger Ui
By the Year
In 2026 there have been 0 vulnerabilities in Smartbear Swagger Ui. Swagger Ui did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 5.30 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 5.20 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 0.00 |
It may take a day or so for new Swagger Ui vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Smartbear Swagger Ui Security Vulnerabilities
fastify-swagger-ui Directory Exposure via default config (<2.1.0)
CVE-2024-22207
5.3 - Medium
- January 15, 2024
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.
Insecure Default Initialization of Resource
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim
CVE-2021-46708
6.1 - Medium
- March 11, 2022
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Clickjacking
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks
CVE-2018-25031
4.3 - Medium
- March 11, 2022
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
Insecure Storage of Sensitive Information
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11
CVE-2019-17495
- October 10, 2019
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that `<style>@import` within the JSON data was a functional attack method.