pkg:npm/koa

5 total CVEsHIGH1MEDIUM2LOW1

✅ Check your installed version

All known vulnerabilities

  • HIGH7.5CVE-2026-27959Koa has Host Header Injection via ctx.hostname
    >= 3.0.0, < 3.1.2
  • MEDIUM5.0CVE-2025-32379Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function
    from 0, < 2.16.1
  • MEDIUM4.7CVE-2025-62595Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic
    >= 3.0.1, < 3.0.3
  • LOW3.5CVE-2025-8129Koa Open Redirect via Referrer Header (User-Controlled)
    >= 2.0.0, < 2.16.2
  • CVE-2025-25200Inefficient Regular Expression Complexity in koa
    >= 2.0.0, < 2.15.4