📦 Koa

Name: Koa
Author: Koajs

by Koajs

🔍 What is Koa?

Description coming soon...

🛡️ Security Overview

Click on a severity to filter vulnerabilities

⚠️ Known Vulnerabilities

CVE-2026-27959

HIGH CVSS 7.5 Feb 26, 2026

This vulnerability in Koa.js allows attackers to inject malicious hostnames via specially crafted HTTP Host headers containing '@' symbols. Applications using ctx.hostname for security-sensitive opera...

CVE-2025-25200

HIGH CVSS 7.5 Feb 12, 2025

Koa middleware for Node.js versions prior to 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3 contain a regular expression denial-of-service (ReDoS) vulnerability in how they parse X-Forwarded-Proto and X-For...

CVE-2025-62595

MEDIUM CVSS 4.3 Oct 21, 2025

This CVE describes a URL redirect bypass vulnerability in Koa.js middleware for Node.js. Attackers can manipulate the Referer header to force user browsers to navigate to malicious external websites, ...

CVE-2025-32379

MEDIUM CVSS 5.0 Apr 9, 2025

This vulnerability in Koa.js allows cross-site scripting (XSS) attacks when untrusted user input is passed to ctx.redirect() function, even after sanitization. Attackers can execute arbitrary JavaScri...