Yapi

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-33831	Ymfe Yapi	Hig	0.48	7.4	Apr 30, 2024	A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field.
CVE-2025-70060	Ymfe Yapi	Med	0.35	5.4	Mar 9, 2026	An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0.
CVE-2025-70059	Ymfe Yapi		0.00	—	Mar 9, 2026	An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service.
CVE-2025-70058	Ymfe Yapi		0.00	—	Feb 23, 2026	An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests

CVE-2024-33831HigApr 30, 2024
Ymfe
Yapi
risk 0.48cvss 7.4epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field.
CVE-2025-70060MedMar 9, 2026
Ymfe
Yapi
risk 0.35cvss 5.4epss 0.00
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0.
CVE-2025-70059Mar 9, 2026
Ymfe
Yapi
risk 0.00cvss —epss 0.00
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service.
CVE-2025-70058Feb 23, 2026
Ymfe
Yapi
risk 0.00cvss —epss 0.00
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests