Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency ajv version 5.5.2 with the following vulnerabilities:
CVE-2020-15366, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-v88g-cgmw-v5xw
CVSS score: 5.6, CVSS exploitability score: 2.2
Dependency Tree:
speccy@0.11.0
├── oas-validator@3.4.0
│ └── ajv@5.5.2
└── redoc@2.0.0-rc.8-1
└── swagger2openapi@5.4.0
└── oas-validator@3.4.0
└── ajv@5.5.2
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency dompurify version 1.0.11 with the following vulnerabilities:
CVE-2024-48910, Severity: CRITICAL, Source: https://github.com/advisories/GHSA-p3vf-v8qc-cwcr
CVSS score: 9.8, CVSS exploitability score: 3.9
GHSA-mjjq-c88q-qhr6, Severity: CRITICAL, Source: https://github.com/advisories/GHSA-mjjq-c88q-qhr6
CVE-2024-45801, Severity: HIGH, Source: https://github.com/advisories/GHSA-mmhx-hmjr-r674
CVSS score: 6.1, CVSS exploitability score: 2.8
CVE-2024-47875, Severity: HIGH, Source: https://github.com/advisories/GHSA-gx9m-whjm-85jf
CVSS score: 6.1, CVSS exploitability score: 2.8
Has public exploit
CVE-2019-16728, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-chqj-j4fh-rw7m
CVSS score: 6.1, CVSS exploitability score: 2.8
Has public exploit
CVE-2020-26870, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-63q7-h895-m982
CVSS score: 6.1, CVSS exploitability score: 2.8
Has public exploit
CVE-2025-26791, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-vhxf-7vqr-mrjg
CVSS score: 6.1, CVSS exploitability score: 2.8
Has public exploit
Dependency Tree:
speccy@0.11.0
└── redoc@2.0.0-rc.8-1
└── dompurify@1.0.11
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency ejs version 2.7.4 with the following vulnerabilities:
CVE-2024-33883, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-ghr5-ch3p-vcr6
CVSS score: 4, CVSS exploitability score: 2.5
Dependency Tree:
speccy@0.11.0
└── ejs@2.7.4
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency jsonpointer version 4.1.0 with the following vulnerabilities:
CVE-2021-23807, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-282f-qqgm-c34q
CVSS score: 9.8, CVSS exploitability score: 3.9
Has public exploit
Dependency Tree:
speccy@0.11.0
├── oas-validator@3.4.0
│ └── better-ajv-errors@0.6.7
│ └── jsonpointer@4.1.0
└── redoc@2.0.0-rc.8-1
└── swagger2openapi@5.4.0
└── oas-validator@3.4.0
└── better-ajv-errors@0.6.7
└── jsonpointer@4.1.0
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency marked version 0.6.3 with the following vulnerabilities:
CVE-2022-21680, Severity: HIGH, Source: https://github.com/advisories/GHSA-rrrm-qjm4-v8hf
CVSS score: 7.5, CVSS exploitability score: 3.9
Has public exploit
CVE-2022-21681, Severity: HIGH, Source: https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
CVSS score: 7.5, CVSS exploitability score: 3.9
Has public exploit
GHSA-ch52-vgq2-943f, Severity: LOW, Source: https://github.com/advisories/GHSA-ch52-vgq2-943f
Dependency Tree:
speccy@0.11.0
└── redoc@2.0.0-rc.8-1
└── marked@0.6.3
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency min-document version 2.19.0 with the following vulnerabilities:
CVE-2025-57352, Severity: LOW, Source: https://github.com/advisories/GHSA-rx8g-88g5-qh64
CVSS score: 5.3, CVSS exploitability score: 3.9
Dependency Tree:
speccy@0.11.0
└── redoc@2.0.0-rc.8-1
└── react-hot-loader@4.13.1
└── global@4.4.0
└── min-document@2.19.0
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency nconf version 0.10.0 with the following vulnerabilities:
CVE-2022-21803, Severity: HIGH, Source: https://github.com/advisories/GHSA-6xwr-q98w-rvg7
CVSS score: 7.5, CVSS exploitability score: 3.9
Has public exploit
Dependency Tree:
speccy@0.11.0
└── nconf@0.10.0
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency yargs-parser version 11.1.1 with the following vulnerabilities:
CVE-2020-7608, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-p9pc-299p-vxgp
CVSS score: 5.3, CVSS exploitability score: 1.8
Has public exploit
Dependency Tree:
speccy@0.11.0
└── redoc@2.0.0-rc.8-1
└── swagger2openapi@5.4.0
└── yargs@12.0.5
└── yargs-parser@11.1.1
Speccyis abonded: wework/speccy#485Probably replacement: https://github.com/stoplightio/spectral
Scan results:
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency ajv version 5.5.2 with the following vulnerabilities: CVE-2020-15366, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-v88g-cgmw-v5xw CVSS score: 5.6, CVSS exploitability score: 2.2 Dependency Tree: speccy@0.11.0 ├── oas-validator@3.4.0 │ └── ajv@5.5.2 └── redoc@2.0.0-rc.8-1 └── swagger2openapi@5.4.0 └── oas-validator@3.4.0 └── ajv@5.5.2 Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency dompurify version 1.0.11 with the following vulnerabilities: CVE-2024-48910, Severity: CRITICAL, Source: https://github.com/advisories/GHSA-p3vf-v8qc-cwcr CVSS score: 9.8, CVSS exploitability score: 3.9 GHSA-mjjq-c88q-qhr6, Severity: CRITICAL, Source: https://github.com/advisories/GHSA-mjjq-c88q-qhr6 CVE-2024-45801, Severity: HIGH, Source: https://github.com/advisories/GHSA-mmhx-hmjr-r674 CVSS score: 6.1, CVSS exploitability score: 2.8 CVE-2024-47875, Severity: HIGH, Source: https://github.com/advisories/GHSA-gx9m-whjm-85jf CVSS score: 6.1, CVSS exploitability score: 2.8 Has public exploit CVE-2019-16728, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-chqj-j4fh-rw7m CVSS score: 6.1, CVSS exploitability score: 2.8 Has public exploit CVE-2020-26870, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-63q7-h895-m982 CVSS score: 6.1, CVSS exploitability score: 2.8 Has public exploit CVE-2025-26791, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-vhxf-7vqr-mrjg CVSS score: 6.1, CVSS exploitability score: 2.8 Has public exploit Dependency Tree: speccy@0.11.0 └── redoc@2.0.0-rc.8-1 └── dompurify@1.0.11 Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency ejs version 2.7.4 with the following vulnerabilities: CVE-2024-33883, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-ghr5-ch3p-vcr6 CVSS score: 4, CVSS exploitability score: 2.5 Dependency Tree: speccy@0.11.0 └── ejs@2.7.4 Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency jsonpointer version 4.1.0 with the following vulnerabilities: CVE-2021-23807, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-282f-qqgm-c34q CVSS score: 9.8, CVSS exploitability score: 3.9 Has public exploit Dependency Tree: speccy@0.11.0 ├── oas-validator@3.4.0 │ └── better-ajv-errors@0.6.7 │ └── jsonpointer@4.1.0 └── redoc@2.0.0-rc.8-1 └── swagger2openapi@5.4.0 └── oas-validator@3.4.0 └── better-ajv-errors@0.6.7 └── jsonpointer@4.1.0 Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency marked version 0.6.3 with the following vulnerabilities: CVE-2022-21680, Severity: HIGH, Source: https://github.com/advisories/GHSA-rrrm-qjm4-v8hf CVSS score: 7.5, CVSS exploitability score: 3.9 Has public exploit CVE-2022-21681, Severity: HIGH, Source: https://github.com/advisories/GHSA-5v2h-r2cx-5xgj CVSS score: 7.5, CVSS exploitability score: 3.9 Has public exploit GHSA-ch52-vgq2-943f, Severity: LOW, Source: https://github.com/advisories/GHSA-ch52-vgq2-943f Dependency Tree: speccy@0.11.0 └── redoc@2.0.0-rc.8-1 └── marked@0.6.3 Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency min-document version 2.19.0 with the following vulnerabilities: CVE-2025-57352, Severity: LOW, Source: https://github.com/advisories/GHSA-rx8g-88g5-qh64 CVSS score: 5.3, CVSS exploitability score: 3.9 Dependency Tree: speccy@0.11.0 └── redoc@2.0.0-rc.8-1 └── react-hot-loader@4.13.1 └── global@4.4.0 └── min-document@2.19.0 Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency nconf version 0.10.0 with the following vulnerabilities: CVE-2022-21803, Severity: HIGH, Source: https://github.com/advisories/GHSA-6xwr-q98w-rvg7 CVSS score: 7.5, CVSS exploitability score: 3.9 Has public exploit Dependency Tree: speccy@0.11.0 └── nconf@0.10.0 Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency yargs-parser version 11.1.1 with the following vulnerabilities: CVE-2020-7608, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-p9pc-299p-vxgp CVSS score: 5.3, CVSS exploitability score: 1.8 Has public exploit Dependency Tree: speccy@0.11.0 └── redoc@2.0.0-rc.8-1 └── swagger2openapi@5.4.0 └── yargs@12.0.5 └── yargs-parser@11.1.1