Koajs Koa
5 CVEs affecting Koajs Koa. Latest disclosed: 2026-02-26. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-27959 | High | 7.5 | 2026-02-26 | Koa is middleware for Node.js using ES2017 async functions. Prior to versions 3.1.2 and 2.16.4, Koa's `ctx.hostname` API performs naive parsing of the HTTP Hos… |
CVE-2025-25200 | High | 7.5 | 2025-02-12 | Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to pa… |
CVE-2025-32379 | Medium | 5.0 | 2025-04-09 | Koa is expressive middleware for Node.js using ES2017 async functions. In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect() even… |
CVE-2025-62595 | Medium | 4.3 | 2025-10-21 | Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129… |
CVE-2025-8129 | Low | 3.5 | 2025-07-25 | A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the c… |