Koajs Koa

5 CVEs affecting Koajs Koa. Latest disclosed: 2026-02-26. Critical: 0, High: 2.

Top CVEs affecting Koajs Koa
CVESeverityScorePublishedSummary
CVE-2026-27959High7.52026-02-26Koa is middleware for Node.js using ES2017 async functions. Prior to versions 3.1.2 and 2.16.4, Koa's `ctx.hostname` API performs naive parsing of the HTTP Hos…
CVE-2025-25200High7.52025-02-12Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to pa…
CVE-2025-32379Medium5.02025-04-09Koa is expressive middleware for Node.js using ES2017 async functions. In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect() even…
CVE-2025-62595Medium4.32025-10-21Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129…
CVE-2025-8129Low3.52025-07-25A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the c…