Package details: pkg:npm/%40adonisjs/http-server@8.2.0
purl pkg:npm/%40adonisjs/http-server@8.2.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-j3bq-z7me-zbaf
Summary: AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions prior to 7.4.0, the response.redirect().back() method reads the Referer header from the incoming HTTP request and redirects to that URL without validating the host. An attacker who can influence the Referer header can cause the application to redirect users to a malicious external site. This affects all AdonisJS applications that use response.redirect().back() or response.redirect('back'). This issue has been fixed in @adonisjs/http-server versions 7.8.1 and 8.2.0 and in @adonisjs/core version 7.4.0.
Aliases: CVE-2026-40255, GHSA-6qvv-pj99-48qm

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T06:29:10.334337+00:00 GHSA Importer Fixing VCID-j3bq-z7me-zbaf https://github.com/advisories/GHSA-6qvv-pj99-48qm 38.6.0
2026-06-12T22:05:04.001047+00:00 GitLab Importer Fixing VCID-j3bq-z7me-zbaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@adonisjs/http-server/CVE-2026-40255.yml 38.6.0
2026-06-12T07:46:40.108301+00:00 GithubOSV Importer Fixing VCID-j3bq-z7me-zbaf https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-6qvv-pj99-48qm/GHSA-6qvv-pj99-48qm.json 38.6.0