Lucene search
10 matches found

Packet Storm News
added 2026/04/21 12:0 a.m., 3 views

API Security Based on Automatic OpenAPI Mapping

This paper presents Map Reduce Graph MRG, a novel unsupervised method for modeling and securing HTTP REST APIs. MRG learns API structure from real-world traffic without prior knowledge or labels, automatically generating OpenAPI-compliant documentation by reconstructing routes, methods, and...

AI score 5.7
Exploits: 0

RedhatCVE
added 2026/03/26 3:1 p.m., 0 views

CVE-2026-33331

oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificati...

CVSS 8.2 | AI score 5.9 | EPSS 0.00018
Exploits: 1 | References: 1

Snyk
added 2026/03/24 10:30 p.m., 3 views

Cross-site Scripting (XSS)

Overview @orpc/openapi is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the generation of OpenAPI documentation. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious payloads into controllable fields within th...

CVSS 8.3 | AI score 5.9 | EPSS 0.00018
Exploits: 1 | References: 2

OSV
added 2026/03/24 7:18 p.m., 0 views

CVE-2026-33331 oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify

oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificati...

CVSS 8.2 | AI score 6 | EPSS 0.00018
Exploits: 1 | References: 5

Vulnrichment
added 2026/03/24 7:18 p.m., 0 views

CVE-2026-33331 oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify

oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificati...

CVSS 8.2 | AI score 5.8 | EPSS 0.00018
Exploits: 1 | References: 3

Cvelist
added 2026/03/24 7:18 p.m., 16 views

CVE-2026-33331 oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify

oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificati...

CVSS 8.2 | EPSS 0.00018
Exploits: 1 | References: 3

CNNVD
added 2026/03/24 12:0 a.m., 2 views

orpc Cross-Site Scripting Vulnerability

Orpc is an open-source RPC and OpenAPI integration framework developed by MiddleAPI. Versions of Orpc prior to 1.13.9 contained a cross-site scripting vulnerability. This vulnerability stemmed from the OpenAPI documentation generation process, which included stored cross-site scripts. This could...

CVSS 8.2 | AI score 5.9 | EPSS 0.00018
Exploits: 1 | References: 3

Positive Technologies
added 2026/03/20 12:0 a.m., 1 views

PT-2026-26754

Name of the Vulnerable Software and Affected Versions: orpc versions prior to 1.13.9. Description: orpc, a tool for building type-safe APIs adhering to OpenAPI standards, contains a stored cross-site scripting (XSS) issue in its OpenAPI documentation generation. An attacker controlling fields within t...

CVSS 8.2 | AI score 6 | EPSS 0.00018
Exploits: 1 | References: 6

vulnersOsv
added 2021/06/21 5:12 p.m., 0 views

@apalchys/serverless-openapi-documentation (>=0.1.0 <=0.5.4), @conqa/serverless-openapi-documentation (>=1.0.1 <=1.0.4) +27 more potentially affected by CVE-2021-23396 via lutils (>=0.2.11 <=2.4.0)

lutils NPM version =0.2.11, =0.1.0, =1.0.1, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =2.0.9, =0.3.0, =0.0.1, =0.1.9 and more Source cves: CVE-2021-23396 Source advisory: OSV:GHSA-3R8W-MPHV-2F3F...

CVSS 9.8 | AI score 7.2 | EPSS 0.00391
Exploits: 1

vulnersOsv
added 2021/06/17 3:26 p.m., 0 views

@apalchys/serverless-openapi-documentation (>=0.1.0 <=0.5.4), @conqa/serverless-openapi-documentation (>=1.0.1 <=1.0.4) +27 more potentially affected by CVE-2021-23396 via lutils (>=0.2.11 <=2.4.0)

lutils NPM version =0.2.11, =0.1.0, =1.0.1, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =2.0.9, =0.3.0, =0.0.1, =0.1.9 and more Source cves: CVE-2021-23396 Source advisory: SNYK:JS-LUTILS-1311023...

CVSS 9.8 | AI score 7.2 | EPSS 0.00391
Exploits: 1