npm/yapi-vendor — 4 CVEs

HIGH7.4CVE-2025-70058yapi disables TLS/SSL certificate validation via rejectUnauthorized: false in Axios HTTPS agent

from 0, <= 1.12.0

MEDIUM5.4CVE-2021-36686Cross-site Scripting in yapi-vendor

from 0, <= 1.9.1

MEDIUM5.4CVE-2018-17574Cross-site Scripting in yapi-vendor

from 0, < 1.3.23

MEDIUM5.1Weak JSON Web Token in yapi-vendor

from 0, < 1.9.3

pkg:npm/yapi-vendor