Smartbear Swagger Ui
By the Year
In 2025 there have been 0 vulnerabilities in Smartbear Swagger Ui. Last year, in 2024, Swagger Ui had 1 security vulnerability published. Right now, Swagger Ui is on track to have fewer security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 1 | 5.30 |
2023 | 0 | 0.00 |
2022 | 2 | 5.20 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 1 | 9.80 |
2018 | 0 | 0.00 |
It may take a day or so for new Swagger Ui vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Smartbear Swagger Ui Security Vulnerabilities
fastify-swagger-ui is a Fastify plugin for serving Swagger UI
CVE-2024-22207
5.3 - Medium
- January 15, 2024
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.
Insecure Default Initialization of Resource
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim
CVE-2021-46708
6.1 - Medium
- March 11, 2022
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Clickjacking
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks
CVE-2018-25031
4.3 - Medium
- March 11, 2022
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
Improper Input Validation
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11
CVE-2019-17495
9.8 - Critical
- October 10, 2019
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that `<style>@import` within the JSON data was a functional attack method.
Session Riding
