MAL-2026-1855 Malicious code in ssf-desktop-api-specification (npm)
Source: amazon-inspector b0b483f1c94deb76e7655d38cf4abdc31f984c39ed008ad293ea7614387704d3 The package ssf-desktop-api-specification was found to contain malicious code...
CVE-2026-22785
orval generates type-safe JS/TypeScript clients from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...
CVE-2025-69222
CVE-2025-69222 affects LibreChat (v0.8.1-rc2 and prior) with a server-side request forgery (SSRF) due to missing restrictions in the default Actions configuration. The issue arises because agents can be configured with predefined instructions and actions via OpenAPI, enabling access to arbitrary ...
EUVD-2018-0659
Malware in sbrugna...
API Specifications: Why, When, and How to Enforce Them
APIs facilitate communication between different software applications and power a wide range of everyday digital experiences, from weather apps to streaming services and everything in between. They are also a critical ingredient of AI. However, if not structured and standardized properly, APIs ca...
2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration
Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact and...
K73710094: XSS vulnerability in undisclosed page of the NGINX Swagger UI
Security Advisory Description An issue in the swagger-ui, the third-party component bundled in the NGINX Plus packages, may expose an XSS security risk. The purpose of the swagger-ui is to provide interactive documentation for the API specification supplied in a swagger YAML file and used in the...
Adobe: DOM XSS at `https://adobedocs.github.io/OAE_PartnerAPI/?configUrl={site}` due to outdated Swagger UI
Vulnerability description not provided...
CVE-2021-42860
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification...
CVE-2021-42860
Removed by vendor...
CVE-2020-36325
An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification...
API Discovery and Profiling -- Visibility to Protection
APIs have become a dominant mechanism in the modern web, allowing organizations to create powerful web and mobile experiences, while exposing back-end data and logic to create new and innovative offerings. Protecting internet-facing APIs -- an emerging practice over the past few years -- is the...
Design/Logic Flaw
A vulnerability in Swagger-Parser's version = 1.0.30 and Swagger codegen version = 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...
CVE-2017-1000208
A vulnerability in Swagger-Parser's version = 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen = 2.2.2 and can lead to...