Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-70058
CVE-2025-70058
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests
Published Feb 26, 2026
https://github.com/advisories/GHSA-663h-2vr3-ghrj
CVSS Score
High
7.4
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
yapi-vendor
1.10.0
npm
yapi-vendor
1.10.1
npm
yapi-vendor
1.10.2
npm
yapi-vendor
1.12.0
npm
yapi-vendor
1.4.1
npm
yapi-vendor
1.4.2
npm
yapi-vendor
1.4.3
npm
yapi-vendor
1.4.4
npm
yapi-vendor
1.5.0
npm
yapi-vendor
1.5.10
npm
yapi-vendor
1.5.11
npm
yapi-vendor
1.5.12
npm
yapi-vendor
1.5.13
npm
yapi-vendor
1.5.14
npm
yapi-vendor
1.5.1
npm
yapi-vendor
1.5.2
npm
yapi-vendor
1.5.3
npm
yapi-vendor
1.5.4
npm
yapi-vendor
1.5.5
npm
yapi-vendor
1.5.6
npm
yapi-vendor
1.5.7
npm
yapi-vendor
1.5.8
npm
yapi-vendor
1.6.0
npm
yapi-vendor
1.6.1
npm
yapi-vendor
1.6.2
npm
yapi-vendor
1.6.3
npm
yapi-vendor
1.7.0-beta.0
npm
yapi-vendor
1.7.0-beta.1
npm
yapi-vendor
1.7.0
npm
yapi-vendor
1.7.1
npm
yapi-vendor
1.7.2
npm
yapi-vendor
1.8.0
npm
yapi-vendor
1.8.1
npm
yapi-vendor
1.8.2
npm
yapi-vendor
1.8.3
npm
yapi-vendor
1.8.4
npm
yapi-vendor
1.8.5
npm
yapi-vendor
1.8.7
npm
yapi-vendor
1.8.8
npm
yapi-vendor
1.9.0
npm
yapi-vendor
1.9.1
npm
yapi-vendor
1.9.2
npm
yapi-vendor
1.9.3
npm
yapi-vendor
1.9.4
1-44 of 44
CVE-2025-70058 | Components Impacted | Sonatype Guide | Sonatype Guide
