Yapi

yapi

Vendor: Ymfe • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-70060 1Ymfe 1Yapi May 10, 2026 Mar 9, 2026 N/A· v4 5.4 MEDIUM· v3 N/A· v2 An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0.
CVE-2025-70059 1Ymfe 1Yapi Mar 13, 2026 Mar 9, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service.
CVE-2025-70058 1Ymfe 1Yapi Feb 26, 2026 Feb 23, 2026 N/A· v4 7.4 HIGH· v3 N/A· v2 An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent confi...Show more An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requestsShow less
CVE-2021-36686 1Ymfe 1Yapi Apr 1, 2025 Jan 26, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.
CVE-2021-27884 1Ymfe 1Yapi Nov 21, 2024 Mar 1, 2021 N/A· v4 5.1 MEDIUM· v3 3.6 LOW· v2 Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used.
CVE-2018-17574 1Ymfe 1Yapi Nov 21, 2024 Sep 28, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project.