pkg:npm/yapi-vendor

4 total CVEsHIGH1MEDIUM3

✅ Check your installed version

All known vulnerabilities

  • HIGH7.4CVE-2025-70058yapi disables TLS/SSL certificate validation via rejectUnauthorized: false in Axios HTTPS agent
    from 0, <= 1.12.0
  • MEDIUM5.4CVE-2021-36686Cross-site Scripting in yapi-vendor
    from 0, <= 1.9.1
  • MEDIUM5.4CVE-2018-17574Cross-site Scripting in yapi-vendor
    from 0, < 1.3.23
  • MEDIUM5.1CVE-2021-27884Weak JSON Web Token in yapi-vendor
    from 0, < 1.9.3