CVE-2021-21430

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...

CVE-2021-21428

Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...

CVE-2020-15141

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...

CVE-2018-25031

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...

ai.pipestream:quarkus-grpc-gatherer-deployment (>=0.1.0 <=0.1.1), ch.admin.bit.jeap:jeap-archrepo-importer-messagetype (>=1.10.0 <=1.23.0) +181 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.1.0.202411261347-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.1.0.202411261347-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - ai.pipestream:quarkus-grpc-gatherer-deployment =0.1.0, =1.10.0, =1.10.0,...

Privilege Chaining

Overview Affected versions of this package are vulnerable to Privilege Chaining through the spec.template.container configuration in the EventSource and Sensor custom resources. An attacker can gain privileged access to the host system and cluster by injecting commands into a container template...

SUSE CVE-2025-30153

kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. The root...

Denial Of Service (DoS)

github.com/getkin/kin-openapi is vulnerable to Denial Of Service DoS. The vulnerability is due to the ZipFileBodyDecoder being automatically registered by the module, contrary to the documentation, allowing attackers to upload malicious ZIP files and cause excessive memory usage...

Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

Summary When validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. Details The root cause comes from the ZipFileBodyDecoder, which is registere...

GHSA-WQ9G-9VFC-CFQ9 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

Summary When validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. Details The root cause comes from the ZipFileBodyDecoder, which is registere...

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification through the ZipFileBodyDecoder. An attacker can trigger an out-of-memory condition, leading to server crashes or degraded performance by uploading a specially crafted ZIP fi...

CVE-2025-30153

kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. The root...

CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. The root...

CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. The root...

CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. The root...

CVE-2025-30153

CVE-2025-30153 affects kin-openapi (Go) prior to 0.131.0. The issue occurs when validating a request with a multipart/form-data schema: if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file (e.g., a ZIP bomb) that causes the server to exhaust memory. The root cause is the Zip...

kin-openapi 安全漏洞

kin-openapi is a getkin open source implementation of OpenAPI 3.0 for Go parsing, transforming, validating, etc.. A security vulnerability exists in kin-openapi versions prior to 0.131.0, which stems from a potential memory exhaustion when processing multipart/form-data requests...

PT-2025-11700

Name of the Vulnerable Software and Affected Versions kin-openapi versions prior to 0.131.0 Description The issue arises when validating a request with a multipart/form-data schema. If the OpenAPI schema allows it, an attacker can upload a crafted ZIP file, such as a ZIP bomb, causing the server ...

API Specifications: Why, When, and How to Enforce Them

APIs facilitate communication between different software applications and power a wide range of everyday digital experiences, from weather apps to streaming services and everything in between. They are also a critical ingredient of AI. However, if not structured and standardized properly, APIs ca...

MAL-2025-1657 Malicious code in okta-sdk-php-openapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da144ffdf9eed05ec70b485602e1d3aeae40d312d6fd4eec8956422e2365bd0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...