Skip to main content

Yapi

5 CVEs product

Monthly

CVE-2025-70060 MEDIUM This Month

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. [CVSS 5.4 MEDIUM]

XSS Yapi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-70059 HIGH This Week

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service. [CVSS 7.5 HIGH]

Denial Of Service Yapi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70058 npm HIGH This Week

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests [CVSS 7.4 HIGH]

TLS Yapi
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2021-27884 npm MEDIUM PATCH This Month

Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Yapi
NVD GitHub
CVSS 3.1
5.1
EPSS
0.3%
CVE-2018-17574 npm MEDIUM POC PATCH This Month

An issue was discovered in YMFE YApi 1.3.23. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yapi
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
EPSS 0% CVSS 5.4
MEDIUM This Month

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. [CVSS 5.4 MEDIUM]

XSS Yapi
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service. [CVSS 7.5 HIGH]

Denial Of Service Yapi
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Week

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests [CVSS 7.4 HIGH]

TLS Yapi
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Yapi
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

An issue was discovered in YMFE YApi 1.3.23. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yapi
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy