forked from cebe/php-openapi
Open
Description
Speccy is abandoned: wework/speccy#485
Probable replacement: https://github.com/stoplightio/spectral
Scan results:
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency ajv version 5.5.2 with the following vulnerabilities:
CVE-2020-15366, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-v88g-cgmw-v5xw
CVSS score: 5.6, CVSS exploitability score: 2.2
Dependency Tree:
[email protected]
├── [email protected]
│ └── [email protected]
└── [email protected]
└── [email protected]
└── [email protected]
└── [email protected]
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency dompurify version 1.0.11 with the following vulnerabilities:
CVE-2024-48910, Severity: CRITICAL, Source: https://github.com/advisories/GHSA-p3vf-v8qc-cwcr
CVSS score: 9.8, CVSS exploitability score: 3.9
GHSA-mjjq-c88q-qhr6, Severity: CRITICAL, Source: https://github.com/advisories/GHSA-mjjq-c88q-qhr6
CVE-2024-45801, Severity: HIGH, Source: https://github.com/advisories/GHSA-mmhx-hmjr-r674
CVSS score: 6.1, CVSS exploitability score: 2.8
CVE-2024-47875, Severity: HIGH, Source: https://github.com/advisories/GHSA-gx9m-whjm-85jf
CVSS score: 6.1, CVSS exploitability score: 2.8
Has public exploit
CVE-2019-16728, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-chqj-j4fh-rw7m
CVSS score: 6.1, CVSS exploitability score: 2.8
Has public exploit
CVE-2020-26870, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-63q7-h895-m982
CVSS score: 6.1, CVSS exploitability score: 2.8
Has public exploit
CVE-2025-26791, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-vhxf-7vqr-mrjg
CVSS score: 6.1, CVSS exploitability score: 2.8
Has public exploit
Dependency Tree:
[email protected]
└── [email protected]
└── [email protected]
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency ejs version 2.7.4 with the following vulnerabilities:
CVE-2024-33883, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-ghr5-ch3p-vcr6
CVSS score: 4, CVSS exploitability score: 2.5
Dependency Tree:
[email protected]
└── [email protected]
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency jsonpointer version 4.1.0 with the following vulnerabilities:
CVE-2021-23807, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-282f-qqgm-c34q
CVSS score: 9.8, CVSS exploitability score: 3.9
Has public exploit
Dependency Tree:
[email protected]
├── [email protected]
│ └── [email protected]
│ └── [email protected]
└── [email protected]
└── [email protected]
└── [email protected]
└── [email protected]
└── [email protected]
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency marked version 0.6.3 with the following vulnerabilities:
CVE-2022-21680, Severity: HIGH, Source: https://github.com/advisories/GHSA-rrrm-qjm4-v8hf
CVSS score: 7.5, CVSS exploitability score: 3.9
Has public exploit
CVE-2022-21681, Severity: HIGH, Source: https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
CVSS score: 7.5, CVSS exploitability score: 3.9
Has public exploit
GHSA-ch52-vgq2-943f, Severity: LOW, Source: https://github.com/advisories/GHSA-ch52-vgq2-943f
Dependency Tree:
[email protected]
└── [email protected]
└── [email protected]
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency min-document version 2.19.0 with the following vulnerabilities:
CVE-2025-57352, Severity: LOW, Source: https://github.com/advisories/GHSA-rx8g-88g5-qh64
CVSS score: 5.3, CVSS exploitability score: 3.9
Dependency Tree:
[email protected]
└── [email protected]
└── [email protected]
└── [email protected]
└── [email protected]
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency nconf version 0.10.0 with the following vulnerabilities:
CVE-2022-21803, Severity: HIGH, Source: https://github.com/advisories/GHSA-6xwr-q98w-rvg7
CVSS score: 7.5, CVSS exploitability score: 3.9
Has public exploit
Dependency Tree:
[email protected]
└── [email protected]
Name: speccy, Version: 0.11.0, Path: /var/www/app/vendor/devizzent/cebe-php-openapi/package.json contains transitive dependency yargs-parser version 11.1.1 with the following vulnerabilities:
CVE-2020-7608, Severity: MEDIUM, Source: https://github.com/advisories/GHSA-p9pc-299p-vxgp
CVSS score: 5.3, CVSS exploitability score: 1.8
Has public exploit
Dependency Tree:
[email protected]
└── [email protected]
└── [email protected]
└── [email protected]
└── [email protected]