Ajv — CVE history (npm)
Ajv
2 CVEs affect the Ajv npm package (highest CVSS 5.6). Latest disclosed: 2026-02-11. Full CVE history sourced from NVD.
Summary
- Package
Ajv(npm)- Total CVEs
2- Actively exploited (CISA KEV)
- 0
- Highest CVSS
5.6- Latest disclosed
- 2026-02-11
Recent CVEs (top 2)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-69873 | Low | 2.9 | — | 2026-02-11 | ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. |
CVE-2020-15366 | Medium | 5.6 | — | 2020-07-15 | An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. |
All-time worst (top 2 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-15366 | Medium | 5.6 | — | 2020-07-15 | An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. |
CVE-2025-69873 | Low | 2.9 | — | 2026-02-11 | ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. |