Lookup for vulnerable packages by Package URL.

Purl pkg:npm/koa@0.5.4
Type npm
Namespace
Name koa
Version 0.5.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.16.4
Latest_non_vulnerable_version 3.1.2
Affected_by_vulnerabilities
0
url VCID-dag4-3xut-xffu
vulnerability_id VCID-dag4-3xut-xffu
summary
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function
In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect(), even after sanitizing it, may execute JavaScript code on the user who uses the app.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32379.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32379.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32379
reference_id
reference_type
scores
0
value 0.00311
scoring_system epss
scoring_elements 0.54677
published_at 2026-06-09T12:55:00Z
1
value 0.00311
scoring_system epss
scoring_elements 0.54675
published_at 2026-06-05T12:55:00Z
2
value 0.00311
scoring_system epss
scoring_elements 0.54685
published_at 2026-06-06T12:55:00Z
3
value 0.00311
scoring_system epss
scoring_elements 0.54678
published_at 2026-06-07T12:55:00Z
4
value 0.00311
scoring_system epss
scoring_elements 0.54657
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32379
2
reference_url https://github.com/koajs/koa
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/koajs/koa
3
reference_url https://github.com/koajs/koa/commit/ff25eb4a7f2392df46481fe86355161067687312
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-09T17:29:51Z/
url https://github.com/koajs/koa/commit/ff25eb4a7f2392df46481fe86355161067687312
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2358649
reference_id 2358649
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2358649
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32379
reference_id CVE-2025-32379
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32379
6
reference_url https://github.com/advisories/GHSA-x2rg-q646-7m2v
reference_id GHSA-x2rg-q646-7m2v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x2rg-q646-7m2v
7
reference_url https://github.com/koajs/koa/security/advisories/GHSA-x2rg-q646-7m2v
reference_id GHSA-x2rg-q646-7m2v
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-09T17:29:51Z/
url https://github.com/koajs/koa/security/advisories/GHSA-x2rg-q646-7m2v
fixed_packages
0
url pkg:npm/koa@2.16.1
purl pkg:npm/koa@2.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gwgu-xdj8-zkfv
1
vulnerability VCID-vm7u-chey-7be3
2
vulnerability VCID-ypnn-yfx7-wycp
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/koa@2.16.1
1
url pkg:npm/koa@3.0.0-alpha.5
purl pkg:npm/koa@3.0.0-alpha.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gwgu-xdj8-zkfv
1
vulnerability VCID-vm7u-chey-7be3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/koa@3.0.0-alpha.5
aliases CVE-2025-32379, GHSA-x2rg-q646-7m2v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dag4-3xut-xffu
1
url VCID-gwgu-xdj8-zkfv
vulnerability_id VCID-gwgu-xdj8-zkfv
summary
Duplicate Advisory: Koa Open Redirect via Referrer Header (User-Controlled)
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-jgmv-j7ww-jx2x. This link is maintained to preserve external references.

### Original Description
A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
references
0
reference_url https://github.com/koajs/koa
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/koajs/koa
1
reference_url https://github.com/koajs/koa/commit/422c551c63d00f24e2bbbdf492f262a5935bb1f0
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/koajs/koa/commit/422c551c63d00f24e2bbbdf492f262a5935bb1f0
2
reference_url https://github.com/koajs/koa/issues/1892
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/koajs/koa/issues/1892
3
reference_url https://github.com/koajs/koa/issues/1892#issue-3213028583
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/koajs/koa/issues/1892#issue-3213028583
4
reference_url https://vuldb.com/?ctiid.317514
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?ctiid.317514
5
reference_url https://vuldb.com/?id.317514
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?id.317514
6
reference_url https://vuldb.com/?submit.619741
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?submit.619741
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8129
reference_id CVE-2025-8129
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8129
8
reference_url https://github.com/advisories/GHSA-mvw6-62qv-vmqf
reference_id GHSA-mvw6-62qv-vmqf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mvw6-62qv-vmqf
fixed_packages
0
url pkg:npm/koa@3.0.1
purl pkg:npm/koa@3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9unx-nbx3-4ub9
1
vulnerability VCID-ypnn-yfx7-wycp
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/koa@3.0.1
aliases GHSA-mvw6-62qv-vmqf
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwgu-xdj8-zkfv
2
url VCID-tn9e-shkk-q3cn
vulnerability_id VCID-tn9e-shkk-q3cn
summary
Inefficient Regular Expression Complexity in koa
Koa uses an evil regex to parse the `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP headers. This can be exploited to carry out a Denial-of-Service attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-25200
reference_id
reference_type
scores
0
value 0.00496
scoring_system epss
scoring_elements 0.66199
published_at 2026-06-05T12:55:00Z
1
value 0.00496
scoring_system epss
scoring_elements 0.66197
published_at 2026-06-09T12:55:00Z
2
value 0.00496
scoring_system epss
scoring_elements 0.66179
published_at 2026-06-08T12:55:00Z
3
value 0.00496
scoring_system epss
scoring_elements 0.66192
published_at 2026-06-07T12:55:00Z
4
value 0.00496
scoring_system epss
scoring_elements 0.66208
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-25200
1
reference_url https://github.com/koajs/koa
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/koajs/koa
2
reference_url https://github.com/koajs/koa/commit/5054af6e31ffd451a4151a1fe144cef6e5d0d83c
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T18:33:35Z/
url https://github.com/koajs/koa/commit/5054af6e31ffd451a4151a1fe144cef6e5d0d83c
3
reference_url https://github.com/koajs/koa/commit/5f294bb1c7c8d9c61904378d250439a321bffd32
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T18:33:35Z/
url https://github.com/koajs/koa/commit/5f294bb1c7c8d9c61904378d250439a321bffd32
4
reference_url https://github.com/koajs/koa/commit/93fe903fc966635a991bcf890cfc3427d33a1a08
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T18:33:35Z/
url https://github.com/koajs/koa/commit/93fe903fc966635a991bcf890cfc3427d33a1a08
5
reference_url https://github.com/koajs/koa/releases/tag/2.15.4
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T18:33:35Z/
url https://github.com/koajs/koa/releases/tag/2.15.4
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-25200
reference_id CVE-2025-25200
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-25200
7
reference_url https://github.com/advisories/GHSA-593f-38f6-jp5m
reference_id GHSA-593f-38f6-jp5m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-593f-38f6-jp5m
8
reference_url https://github.com/koajs/koa/security/advisories/GHSA-593f-38f6-jp5m
reference_id GHSA-593f-38f6-jp5m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T18:33:35Z/
url https://github.com/koajs/koa/security/advisories/GHSA-593f-38f6-jp5m
9
reference_url https://github.com/koajs/koa/blob/master/lib/request.js#L259
reference_id request.js#L259
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T18:33:35Z/
url https://github.com/koajs/koa/blob/master/lib/request.js#L259
10
reference_url https://github.com/koajs/koa/blob/master/lib/request.js#L404
reference_id request.js#L404
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T18:33:35Z/
url https://github.com/koajs/koa/blob/master/lib/request.js#L404
fixed_packages
0
url pkg:npm/koa@0.21.2
purl pkg:npm/koa@0.21.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dag4-3xut-xffu
1
vulnerability VCID-gwgu-xdj8-zkfv
2
vulnerability VCID-ypnn-yfx7-wycp
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/koa@0.21.2
1
url pkg:npm/koa@1.7.1
purl pkg:npm/koa@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dag4-3xut-xffu
1
vulnerability VCID-gwgu-xdj8-zkfv
2
vulnerability VCID-ypnn-yfx7-wycp
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/koa@1.7.1
2
url pkg:npm/koa@2.15.4
purl pkg:npm/koa@2.15.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dag4-3xut-xffu
1
vulnerability VCID-gwgu-xdj8-zkfv
2
vulnerability VCID-vm7u-chey-7be3
3
vulnerability VCID-ypnn-yfx7-wycp
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/koa@2.15.4
3
url pkg:npm/koa@3.0.0-alpha.3
purl pkg:npm/koa@3.0.0-alpha.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dag4-3xut-xffu
1
vulnerability VCID-gwgu-xdj8-zkfv
2
vulnerability VCID-vm7u-chey-7be3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/koa@3.0.0-alpha.3
aliases CVE-2025-25200, GHSA-593f-38f6-jp5m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tn9e-shkk-q3cn
3
url VCID-ypnn-yfx7-wycp
vulnerability_id VCID-ypnn-yfx7-wycp
summary
Koa has Host Header Injection via ctx.hostname
Koa's `ctx.hostname` API performs naive parsing of the HTTP Host header, extracting everything before the first colon without validating the input conforms to RFC 3986 hostname syntax. When a malformed Host header containing a `@` symbol (e.g., `evil.com:fake@legitimate.com`) is received, `ctx.hostname` returns `evil.com` - an attacker-controlled value. Applications using `ctx.hostname` for URL generation, password reset links, email verification URLs, or routing decisions are vulnerable to Host header injection attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27959.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27959.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27959
reference_id
reference_type
scores
0
value 0.00125
scoring_system epss
scoring_elements 0.31241
published_at 2026-06-09T12:55:00Z
1
value 0.00125
scoring_system epss
scoring_elements 0.31318
published_at 2026-06-05T12:55:00Z
2
value 0.00125
scoring_system epss
scoring_elements 0.31285
published_at 2026-06-06T12:55:00Z
3
value 0.00125
scoring_system epss
scoring_elements 0.31249
published_at 2026-06-07T12:55:00Z
4
value 0.00125
scoring_system epss
scoring_elements 0.31218
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27959
2
reference_url https://github.com/koajs/koa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/koajs/koa
3
reference_url https://github.com/koajs/koa/commit/55ab9bab044ead4e82c70a30a4f9dc0fc9c1b6df
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T19:31:17Z/
url https://github.com/koajs/koa/commit/55ab9bab044ead4e82c70a30a4f9dc0fc9c1b6df
4
reference_url https://github.com/koajs/koa/commit/b76ddc01fdb703e51652b0fd131d16394cadcfeb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T19:31:17Z/
url https://github.com/koajs/koa/commit/b76ddc01fdb703e51652b0fd131d16394cadcfeb
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442928
reference_id 2442928
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442928
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27959
reference_id CVE-2026-27959
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27959
7
reference_url https://github.com/advisories/GHSA-7gcc-r8m5-44qm
reference_id GHSA-7gcc-r8m5-44qm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7gcc-r8m5-44qm
8
reference_url https://github.com/koajs/koa/security/advisories/GHSA-7gcc-r8m5-44qm
reference_id GHSA-7gcc-r8m5-44qm
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T19:31:17Z/
url https://github.com/koajs/koa/security/advisories/GHSA-7gcc-r8m5-44qm
9
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
10
reference_url https://access.redhat.com/errata/RHSA-2026:7249
reference_id RHSA-2026:7249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7249
fixed_packages
0
url pkg:npm/koa@2.16.4
purl pkg:npm/koa@2.16.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/koa@2.16.4
1
url pkg:npm/koa@3.1.2
purl pkg:npm/koa@3.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/koa@3.1.2
aliases CVE-2026-27959, GHSA-7gcc-r8m5-44qm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypnn-yfx7-wycp
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/koa@0.5.4