Ajv — CVE history (npm)

Ajv

2 CVEs affect the Ajv npm package (highest CVSS 5.6). Latest disclosed: 2026-02-11. Full CVE history sourced from NVD.

Summary

Package
Ajv (npm)
Total CVEs
2
Actively exploited (CISA KEV)
0
Highest CVSS
5.6
Latest disclosed
2026-02-11

Recent CVEs (top 2)

CVESeverityCVSSKEVPublishedSummary
CVE-2025-69873Low2.92026-02-11ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled.
CVE-2020-15366Medium5.62020-07-15An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2.

All-time worst (top 2 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2020-15366Medium5.62020-07-15An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2.
CVE-2025-69873Low2.92026-02-11ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled.