3 matches found
PT-2026-22104
Name of the Vulnerable Software and Affected Versions:
Koa versions prior to 3.1.2
Koa versions prior to 2.16.4
Description: Koa middleware for Node.js, using ES2017 async functions, has an issue where the ctx.hostname API improperly parses the HTTP Host header. The parsing does not validate input...
PT-2025-15755
Name of the Vulnerable Software and Affected Versions:
Koa versions prior to 2.16.1
Koa versions prior to 3.0.0-alpha.5
Description: The issue arises when passing untrusted user input to ctx.redirect, which can execute JavaScript code on the user's device, even after sanitizing the input...
91jin (>=0.1.7 <=0.1.8), @aftonbladet/roc-package-web-app-gaea (>=0.1.0 <=0.4.1) +147 more potentially affected by CVE-2025-25200 via koa (>=1.0.0 <=1.7.0)
koa NPM version =1.0.0, =0.1.7, =0.1.0, =2.4.1, =0.0.2, =0.0.1, =0.1.0, =0.4.11, =0.1.0, =0.0.2, =1.2.1 and more
Source cves: CVE-2025-25200
Source advisory: OSV:GHSA-593F-38F6-JP5M...