VulnerableCode Package Details - pkg:npm/hawk@4.1.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/hawk@4.1.1

Essentials
History (4)

purl	pkg:npm/hawk@4.1.1

Next non-vulnerable version	9.0.1
Latest non-vulnerable version	9.0.1
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-5smn-zvsy-fydh Aliases: CVE-2022-29167 GHSA-44pw-h2cw-w3vq	hawk: REDoS in hawk.utils.parseHost() when parsing Host header	9.0.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-uhy5-ke8w-47dz	Regular Expression Denial of Service in hawk Versions of `hawk` prior to 3.1.3, or 4.x prior to 4.1.1 are affected by a regular expression denial of service vulnerability related to excessively long headers and URI's. ## Recommendation Update to hawk version 4.1.1 or later.	CVE-2016-2515 GHSA-jcpv-g9rr-qxrc

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T05:12:59.399260+00:00	GitLab Importer	Affected by	VCID-5smn-zvsy-fydh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/hawk/CVE-2022-29167.yml	38.6.0
2026-05-29T17:29:29.589292+00:00	GitLab Importer	Fixing	VCID-uhy5-ke8w-47dz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/hawk/CVE-2016-2515.yml	38.6.0
2026-05-29T14:21:56.740384+00:00	GHSA Importer	Fixing	VCID-uhy5-ke8w-47dz	https://github.com/advisories/GHSA-jcpv-g9rr-qxrc	38.6.0
2026-05-29T09:20:01.804334+00:00	GithubOSV Importer	Fixing	VCID-uhy5-ke8w-47dz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-jcpv-g9rr-qxrc/GHSA-jcpv-g9rr-qxrc.json	38.6.0