Koa — CVE history (npm)

Koa

5 CVEs affect the Koa npm package (highest CVSS 7.5). Latest disclosed: 2026-02-26. Full CVE history sourced from NVD.

Summary

Package: Koa (npm)
Total CVEs: 5
Actively exploited (CISA KEV): 0
Highest CVSS: 7.5
Latest disclosed: 2026-02-26

Recent CVEs (top 5)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-27959 | High | 7.5 | | 2026-02-26 | Koa is middleware for Node.js using ES2017 async functions. |
| CVE-2025-62595 | Medium | 4.3 | | 2025-10-21 | Koa is expressive middleware for Node.js using ES2017 async functions. |
| CVE-2025-8129 | Low | 3.5 | | 2025-07-25 | A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. |
| CVE-2025-32379 | Medium | 5.0 | | 2025-04-09 | Koa is expressive middleware for Node.js using ES2017 async functions. |
| CVE-2025-25200 | High | 7.5 | | 2025-02-12 | Koa is expressive middleware for Node.js using ES2017 async functions. |

All-time worst (top 5 by CVSS)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-27959 | High | 7.5 | | 2026-02-26 | Koa is middleware for Node.js using ES2017 async functions. |
| CVE-2025-25200 | High | 7.5 | | 2025-02-12 | Koa is expressive middleware for Node.js using ES2017 async functions. |
| CVE-2025-32379 | Medium | 5.0 | | 2025-04-09 | Koa is expressive middleware for Node.js using ES2017 async functions. |
| CVE-2025-62595 | Medium | 4.3 | | 2025-10-21 | Koa is expressive middleware for Node.js using ES2017 async functions. |
| CVE-2025-8129 | Low | 3.5 | | 2025-07-25 | A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. |