`koa`

Ecosystem:
npm

Package URL:
pkg:npm/koa

Total PRs:
1,851 Dependabot PRs

Latest PR:
about 11 hours ago

Unique Repositories:
1,213 repositories

Unique Repos (30 days):
98 repositories

Security Advisories

Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function

GHSA-x2rg-q646-7m2v CVE-2025-32379 MODERATE published 11 months ago • updated 3 days ago

### Summary In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect() even after sanitizing it, may execute javascript co...

Koa Open Redirect via Referrer Header (User-Controlled)

GHSA-jgmv-j7ww-jx2x CVE-2025-8129 LOW published 7 months ago • updated 6 days ago

## Summary In the latest version of Koa, the back method used for redirect operations adopts an insecure implementation, which uses the user-contro...

Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic

GHSA-g8mr-fgfg-5qpc CVE-2025-62595 MODERATE published 5 months ago • updated 6 days ago

### Summary: A bypass was discovered in the `Koa.js` framework affecting its back redirect functionality. In certain circumstances, an attacker ca...

2.16.2 → 2.16.4 Patch PR

Open about 11 hours ago 1 comment

chore(deps)(deps): bump the production-dependencies group across 1 directory with 27 updates

LLM-Dev-Ops/forge #45

3.1.1 → 3.1.2 Patch PR

Open 2 days ago 2 comments

chore(deps): bump the npm-minor-patch group across 1 directory with 69 updates

IsSmallPigPig/TXTech_Voice #5

2.16.3 → 2.16.4 Patch PR

Open 4 days ago 2 comments

chore(deps): bump the npm-minor-patch group across 1 directory with 83 updates

weiyb852/VoiceHub-e7cc6 #6

2.16.3 → 2.16.4 Patch PR

Open 4 days ago 1 comment

chore(deps): bump the npm-minor-patch group across 1 directory with 81 updates

weiyb852/VoiceHub-14c06 #6

2.16.3 → 2.16.4 Patch PR

Open 4 days ago 2 comments

chore(deps): bump the npm-minor-patch group across 1 directory with 83 updates

weiyb852/VoiceHub-8afce #6

2.16.3 → 2.16.4 Patch PR

Open 4 days ago 1 comment

Bump koa from 2.16.3 to 2.16.4

hashintel/hash #8515

2.16.3 → 2.16.4 Patch PR

Open 4 days ago 3 comments

Bump the npm_and_yarn group across 15 directories with 14 updates

Astevba/vscode #136

3.1.1 → 3.1.2 Patch PR

Closed 4 days ago 1 comment

build(deps): bump the npm_and_yarn group across 15 directories with 12 updates

Kaairofelipe/vscode #17

3.1.1 → 3.1.2 Patch PR

Closed 5 days ago 1 comment

Bump the npm_and_yarn group across 15 directories with 14 updates

Canmarha/vscode #21

3.1.1 → 3.1.2 Patch PR

Closed 5 days ago 1 comment

Bump the npm_and_yarn group across 15 directories with 12 updates

ScorpionBytes/vscode #22

3.1.1 → 3.1.2 Patch PR

Closed 5 days ago 1 comment

build(deps): bump the npm_and_yarn group across 15 directories with 11 updates

Kaairofelipe/vscode #16

3.1.1 → 3.1.2 Patch PR

Closed 5 days ago 1 comment

chore(deps): bump the test-versions group across 1 directory with 92 updates

DataDog/dd-trace-js #7698

3.1.1 → 3.1.2 Patch PR

Open 5 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 39 directories with 15 updates

karlitos1337/5d #453

2.16.3 → 3.1.2 Major PR

Closed 5 days ago 1 comment

Bump the npm_and_yarn group across 19 directories with 18 updates

cptthura-alt/vscode #20

3.1.1 → 3.1.2 Patch PR

Closed 6 days ago 1 comment

Bump the npm_and_yarn group across 16 directories with 16 updates

EU-UNION-AI-PACT/vscode #13

3.1.1 → 3.1.2 Patch PR

Closed 6 days ago 1 comment

build(deps): bump the npm_and_yarn group across 15 directories with 6 updates

machalliance/Migration-Documentation-AI #41

2.16.2 → 2.16.4 Patch PR

Open 6 days ago 1 comment

Bump the npm_and_yarn group across 17 directories with 17 updates

sethchyna-ux/vscode #22

3.1.1 → 3.1.2 Patch PR

Closed 6 days ago 1 comment

build(deps): bump the npm_and_yarn group across 15 directories with 5 updates

machalliance/Migration-Documentation-AI #40

2.16.2 → 2.16.4 Patch PR

Closed 6 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 41 directories with 15 updates

karlitos1337/5d #449

2.16.3 → 3.1.2 Major PR

Closed 6 days ago 1 comment

build(deps): bump the npm_and_yarn group across 1 directory with 16 updates

zym9863/Neon-and-Night #1

2.16.1 → 2.16.4 Patch PR

Open 6 days ago 1 comment

build(deps): bump the npm_and_yarn group across 1 directory with 15 updates

zym9863/Do-Not-Say-Goodbye #1

2.16.1 → 2.16.4 Patch PR

Open 6 days ago 1 comment

Bump the npm_and_yarn group across 15 directories with 14 updates

sethchyna-ux/vscode #20

3.1.1 → 3.1.2 Patch PR

Closed 6 days ago 1 comment

Bump the npm_and_yarn group across 3 directories with 9 updates

halysondev/vscode-copilot-chat #6

3.1.1 → 3.1.2 Patch PR

Open 6 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 16 directories with 5 updates

strapi/strapi #25630

2.16.3 → 3.1.2 Major PR

Closed 7 days ago 2 comments

Bump the npm_and_yarn group across 5 directories with 17 updates

jadenblack/vulcan-sql #16

2.13.4 → 3.1.2 Major PR

Closed 8 days ago 3 comments

chore(deps): bump the npm_and_yarn group across 16 directories with 5 updates

strapi/strapi #25607

2.16.3 → 3.1.2 Major PR

Open 8 days ago 1 comment

chore(deps): bump koa from 2.16.3 to 2.16.4

SanderElias/Samples #101

2.16.3 → 2.16.4 Patch PR

Closed 8 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates

amuzetnoM/ARTIFACT-SDK #77

2.16.3 → 2.16.4 Patch PR

Open 8 days ago 1 comment

Bump the npm_and_yarn group across 11 directories with 4 updates

DAYIAWAN/Course-at-GB #59

2.11.0 → 3.1.2 Major PR

Closed 8 days ago 1 comment

Bump the npm_and_yarn group across 17 directories with 15 updates

ivanm696/vscode-1.107.1 #23

3.1.1 → 3.1.2 Patch PR

Open 8 days ago 2 comments

Bump the npm_and_yarn group across 15 directories with 13 updates

Akusher23/vscode #17

3.1.1 → 3.1.2 Patch PR

Closed 8 days ago 1 comment

chore(deps): bump the test-versions group across 1 directory with 92 updates

DataDog/dd-trace-js #7649

3.1.1 → 3.1.2 Patch PR

Open 8 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 2 directories with 18 updates

trizist/platformatic #8

2.16.2 → 3.1.2 Major PR

Closed 8 days ago 1 comment

build(deps): bump the npm_and_yarn group across 11 directories with 7 updates

fork-the-planet/opnsense-ports #12

2.16.3 → 3.1.2 Major PR

Closed 8 days ago 1 comment

build(deps): bump the npm_and_yarn group across 13 directories with 5 updates

Morin3/turbo #184

2.13.4 → 3.1.2 Major PR

Closed 8 days ago 3 comments

chore(deps): bump the npm_and_yarn group across 1 directory with 12 updates

agustinusnathaniel/my-spotify-nuxt #4

2.15.3 → 2.16.4 Minor PR

Open 9 days ago 2 comments

Bump the npm_and_yarn group across 15 directories with 13 updates

mohmmeed/vscode #17

3.1.1 → 3.1.2 Patch PR

Open 9 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 5 directories with 28 updates

GlacierEQ/core #10

2.15.3 → 3.1.2 Major PR

Open 9 days ago 3 comments

Bump the npm_and_yarn group across 15 directories with 13 updates

Akusher23/vscode #16

3.1.1 → 3.1.2 Patch PR

Closed 9 days ago 1 comment

Bump the npm_and_yarn group across 5 directories with 16 updates

jadenblack/vulcan-sql #15

2.13.4 → 3.1.2 Major PR

Closed 9 days ago 2 comments

build(deps): bump the npm_and_yarn group across 14 directories with 7 updates

machalliance/Migration-Documentation-AI #34

2.16.2 → 2.16.4 Patch PR

Open 9 days ago 1 comment

chore(deps): bump the test-versions group across 1 directory with 2 updates

DataDog/dd-trace-js #7634

3.1.1 → 3.1.2 Patch PR

Closed 9 days ago 4 comments

Bump the npm_and_yarn group across 13 directories with 3 updates

Aremixdj/azuredatastudio #18

2.13.1 → 3.1.2 Major PR

Closed 9 days ago 1 comment

Bump the npm_and_yarn group across 32 directories with 6 updates

dreadwitdastacc-IFA/Devon-Miller-dreadwitdastacc-IFA-fluffy-umbrella- #28

3.1.1 → 3.1.2 Patch PR

Closed 9 days ago 1 comment

Bump the npm_and_yarn group across 29 directories with 6 updates

dreadwitdastacc-IFA/Devon-Miller-dreadwitdastacc-IFA-fluffy-umbrella- #26

3.1.1 → 3.1.2 Patch PR

Closed 9 days ago 1 comment

build(deps): bump the npm_and_yarn group across 13 directories with 6 updates

Morin3/turbo #183

2.13.4 → 3.1.2 Major PR

Open 9 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 7 directories with 27 updates

GlacierEQ/core #9

2.15.3 → 3.1.2 Major PR

Open 10 days ago 3 comments

Bump the npm_and_yarn group across 23 directories with 6 updates

dreadwitdastacc-IFA/Devon-Miller-dreadwitdastacc-IFA-fluffy-umbrella- #25

3.1.1 → 3.1.2 Patch PR

Closed 10 days ago 2 comments

chore(deps-dev): bump koa from 2.16.4 to 3.1.2 in the npm_and_yarn group across 1 directory

AKJUS/node-newrelic #26

2.16.4 → 3.1.2 Major PR

Open 10 days ago 1 comment

Package Details

Name:	`koa`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/koa`
JSON API:	View JSON

Security Advisories

5

Active advisories

CRITICAL 1

HIGH 1

MODERATE 2

LOW 1

View All npm Advisories

Package Information

Description:

Koa web app framework

Repository:	https://github.com/koajs/koa
Homepage:	https://koajs.com
Latest Release:	`3.0.0` 11 months ago
Dependent Repos:	109,950
Dependent Packages:	10,470
Downloads:	17,685,945
Ranking:	Top 0.094% by dependent repos Top 0.1112% by downloads Top 0.0091% by dependent pkgs

PR Status

Open 931 (50.3%)

Merged 194 (10.5%)

Closed 616 (33.3%)

PR Types

Removal 31 (1.7%)

Minor 599 (32.4%)

Major 732 (39.5%)

Patch 377 (20.4%)

koa

Security Advisories

Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function

Koa Open Redirect via Referrer Header (User-Controlled)

Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic

Koa has Host Header Injection via ctx.hostname

Inefficient Regular Expression Complexity in koa

Recent PRs

Package Details

Security Advisories

5

Package Information

PR Status

PR Types

`koa`