13 matches found
Malicious code in get-deps-path (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65fa6f34a831aa832f9d88019ce3d0f4011701df6ab0667bd263645208c978ce On require, get-deps-path immediately invokes getPlugin, which performs an HTTP fetch to https://jsonkeeper.com/b/QBRMI an anonymous public paste hos...
EUVD-2025-4086
Malicious code in bioql PyPI...
EUVD-2025-10545
Malicious code in bioql PyPI...
CVE-2025-32379
Koa is expressive middleware for Node.js using ES2017 async functions. In koa 2.16.1 and 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5...
CVE-2025-32379 XSS at ctx.redirect() function in Koajs
Koa is expressive middleware for Node.js using ES2017 async functions. In koa 2.16.1 and 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5...
CVE-2025-32379 XSS at ctx.redirect() function in Koajs
Koa is expressive middleware for Node.js using ES2017 async functions. In koa 2.16.1 and 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5...
CVE-2025-32379
CVE-2025-32379 (Koa, Node.js): In koa < 2.16.1 and
CVE-2025-25200
A denial of service flaw was found in the koa library. An improperly designed regex is used to parse some specific HTTP headers. If untrusted requests are passed to koa, it can cause excessive resource usage on the server...
CVE-2025-25200
Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21....
CVE-2025-25200 Koa has Inefficient Regular Expression Complexity
Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21....
CVE-2025-25200
CVE-2025-25200 — Koa (Node.js): A regex-based issue in Koa’s header parsing (X-Forwarded-Proto/Host) before versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3 can be exploited to cause a Denial-of-Service. The fix is included in those versions (and later). The vulnerability stems from an inefficie...
CVE-2025-25200 Koa has Inefficient Regular Expression Complexity
Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21....
CVE-2025-25200 Koa has Inefficient Regular Expression Complexity
Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21....