Koajs

Security Risk Profile

/100

low

Security Risk Score

Comprehensive risk assessment based on 6 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from December 11, 2023 to present

Total CVEs

Critical+High

Exploited

Unpatched

Threat Assessment

Avg CVSS

7.3

Base severity

Avg EPSS

Exploit probability

Unpatched

Critical/High

Risk Level

32/100

low

Severity Distribution

Critical

High

Medium

Low

Exploit Likelihood

>50% chance

20-50%

5-20%

<5%

Age Distribution

Common Weaknesses (CWE)

XSS

Input Validation

SSRF

Most Affected Products

1. Koajs Koa Node.js24

2. npm/koa15

3. IBM Planning Analytics Local - IBM Planning Analytics Workspace2

4. IBM Concert Software2

5. Koajs Koa1

Recent Vulnerabilities

See more →

CVE-2026-27959

CVSS 7.5EPSS 0%high

Koa has Host Header Injection via `ctx.hostname`

2/26/2026

CVE-2025-62595

CVSS 6.1medium

Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic

10/21/2025

CVE-2025-8129

CVSS 6.1EPSS 0%medium

KoaJS Koa HTTP Header response.js back redirect

7/25/2025

CVE-2025-32379

CVSS 6.1EPSS 0%medium

XSS at ctx.redirect() function in Koajs

4/9/2025

CVE-2025-25200

CVSS 9.2EPSS 0%critical

Koa has Inefficient Regular Expression Complexity

2/12/2025

CVE-2023-49803

CVSS 8.6high

@koa/cors has overly permissive origin policy

12/11/2023

Monitor Koajs in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free Trial Book a Demo