Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

undici

Ecosystem:
npm
Package URL:
pkg:npm/undici
Total PRs:
15,471 Dependabot PRs
Latest PR:
about 8 hours ago
Unique Repositories:
9,713 repositories
Unique Repos (30 days):
176 repositories
Security Advisories
Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation
GHSA-v9p9-hfj2-hcw8 CVE-2026-2229 HIGH published 3 months ago • updated 15 days ago
### Impact The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the `server_max_window_bits` para...
undici Denial of Service attack via bad certificate data
GHSA-cxrh-j4jr-qwg3 CVE-2025-47279 LOW published about 1 year ago • updated 2 days ago
### Impact Applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certifi...
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
GHSA-f772-66g8-q5h3 CVE-2022-35948 MODERATE published almost 4 years ago • updated about 1 month ago
### Impact `=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specificall...
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
GHSA-q768-x9m6-m9qp CVE-2022-31151 LOW published almost 4 years ago • updated about 1 month ago
### Impact Authorization headers are already cleared on cross-origin redirect in https://github.com/nodejs/undici/blob/main/lib/handler/redirect.j...
Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
GHSA-g9mf-h72j-4rw9 CVE-2026-22036 MODERATE published 5 months ago • updated 3 days ago
### Impact The `fetch()` API supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, b...
View all 22 advisories
Recent PRs
RSS Feed
build(deps): bump the npm_and_yarn group across 2 directories with 7 updates

goodgollyholly/nitro #7

7.11.0 → 7.24.0 Minor PR
Open about 8 hours ago 2 comments
goodgollyholly
Bump undici and wrangler

unixfy/alexwang.net #217

7.18.2 → 7.24.8 Minor PR
Closed about 9 hours ago 1 comment
unixfy
build(deps): bump the npm_and_yarn group across 3 directories with 18 updates

mkusaka/bun #3

5.20.0 → 6.24.0 Major PR
Closed about 20 hours ago 1 comment
mkusaka
chore: bump the npm_and_yarn group across 1 directory with 2 updates

KanishJebaMathewM/Truxify #502

5.29.0 → 6.26.0 Major PR
Open about 22 hours ago 1 comment
KanishJebaMathewM
deps(deps): bump the production-dependencies group across 1 directory with 13 updates

actions-marketplace-validations/anantacloud-actions_setup-node #14

6.25.0 → 6.26.0 Minor PR
Open 1 day ago 1 comment
actions-marketplace-validations
chore(deps): bump the test-versions group across 1 directory with 34 updates

DataDog/dd-trace-js #8855

8.3.0 → 8.4.0 Minor PR
Open 2 days ago 3 comments
DataDog
chore(deps): bump the npm-patch-minor group across 1 directory with 9 updates

cortega26/elrincondeebano #334

8.2.0 → 8.4.1 Minor PR
Closed 2 days ago 4 comments
cortega26
chore(deps): bump the npm_and_yarn group across 6 directories with 15 updates

ai-integr8tor/hermes-agent #9

7.23.0 → 7.27.2 Minor PR
Open 3 days ago 2 comments
ai-integr8tor
chore(deps): bump the npm_and_yarn group across 2 directories with 3 updates

AvonS/hermes-agent #43

7.23.0 → 7.27.2 Minor PR
Open 3 days ago 1 comment
AvonS
build(deps): bump the dependencies group across 1 directory with 18 updates

yashas-30/NYX #5

8.3.0 → 8.4.1 Minor PR
Open 3 days ago 1 comment
yashas-30
chore: bump undici from 7.25.0 to 8.4.1

eXist-db/node-exist #388

7.25.0 → 8.4.1 Major PR
Open 3 days ago 1 comment
eXist-db
Bump the npm_and_yarn group across 1 directory with 8 updates

georgyo/ipfs-hls #21

7.22.0 → 7.27.2 Minor PR
Closed 3 days ago 2 comments
georgyo
deps(deps): bump undici from 7.24.7 to 8.4.1

YawLabs/mcp-compliance #43

7.24.7 → 8.4.1 Major PR
Open 4 days ago 1 comment
YawLabs
Bump undici from 7.25.0 to 7.27.2

Jasonhonghh/rsshub1 #123

7.25.0 → 7.27.2 Minor PR
Open 4 days ago 2 comments
Jasonhonghh
chore(deps): bump undici from 8.3.0 to 8.4.0

pablopfg/evolution-api #1027

8.3.0 → 8.4.0 Minor PR
Open 4 days ago 2 comments
pablopfg
deps: Bump the production group across 1 directory with 23 updates

EfkaStudio-prd/G-ROUTER #18

8.3.0 → 8.4.0 Minor PR
Open 4 days ago 1 comment
EfkaStudio-prd
build(deps): bump undici from 7.22.0 to 8.4.0

actions-marketplace-validations/gr2m_notifier-action #20

7.22.0 → 8.4.0 Major PR
Closed 4 days ago 1 comment
actions-marketplace-validations
chore(deps-dev): bump the development-dependencies group across 1 directory with 40 updates

senoldogann/Guardian #93

7.25.0 → 7.27.2 Minor PR
Open 4 days ago 2 comments
senoldogann
Bump undici from 5.29.0 to 8.4.0

ruying-suixing/blog #12

5.29.0 → 8.4.0 Major PR
Closed 4 days ago 3 comments
ruying-suixing
build(deps): Bump undici from 5.28.4 to 8.4.0

tvv-lippu-ja-maksujarjestelma-oy/http-pulsar-poller #687

5.28.4 → 8.4.0 Major PR
Open 4 days ago 2 comments
tvv-lippu-ja-maksujarjestelma-oy
chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates

anavvanzin/iconocracy-corpus #67

5.29.0 → 7.24.8 Major PR
Open 4 days ago 1 comment
anavvanzin
chore(deps): bump undici from 5.28.4 to 6.26.0

HexaCode-droid/NotCloud-Bakend #23

5.28.4 → 6.26.0 Major PR
Open 4 days ago 2 comments
HexaCode-droid
chore(deps): bump the npm-minor-patch group across 1 directory with 59 updates

accomplish-ai/accomplish #992

8.1.0 → 8.4.0 Minor PR
Open 4 days ago 2 comments
accomplish-ai
chore(deps)(deps): bump the npm-dependencies group in /packages/web-app-vercel with 32 updates

Hiroki-org/Audicle #867

6.25.0 → 8.4.0 Major PR
Open 5 days ago 2 comments
Hiroki-org
deps(deps): bump the production-dependencies group across 1 directory with 11 updates

anantacloud-actions/kyverno-action #9

6.25.0 → 6.26.0 Minor PR
Open 5 days ago 2 comments
anantacloud-actions
Bump the npm_and_yarn group across 1 directory with 2 updates

smarthomespropertieske-pixel/react-router-starter-template #1

7.14.0 → 7.24.8 Minor PR
Open 5 days ago 1 comment
smarthomespropertieske-pixel
build(deps): bump the npm_and_yarn group across 1 directory with 5 updates

HiromiShikata/type-list-query-parameter-generator-from-entity-definitions #101

6.23.0 → 6.26.0 Minor PR
Closed 6 days ago 1 comment
HiromiShikata
deps(deps): bump the production-dependencies group across 1 directory with 3 updates

anantacloud-actions/conftest-action #7

6.25.0 → 6.26.0 Minor PR
Open 6 days ago 2 comments
anantacloud-actions
chore(deps): bump the npm_and_yarn group across 18 directories with 13 updates

goodgollyholly/react-router #3

6.20.1 → 6.24.0 Minor PR
Closed 7 days ago 3 comments
goodgollyholly
chore(deps): bump undici and wrangler in /300-cloudflare/workers/issue-form

jclee941/terraform #242

7.18.2 → 7.24.8 Minor PR
Closed 7 days ago 3 comments
jclee941
Bump undici from 7.25.0 to 7.27.1

cicerolms/rsshub #145

7.25.0 → 7.27.1 Minor PR
Closed 8 days ago 3 comments
cicerolms
Bump the npm-development group across 1 directory with 4 updates

actions-marketplace-validations/hakwerk_gha-git-repo-tags #50

8.2.0 → 8.3.0 Minor PR
Closed 8 days ago 1 comment
actions-marketplace-validations
chore(deps): bump the npm_and_yarn group across 4 directories with 7 updates

FlexNetOS/hermes-agent #3

7.23.0 → 7.27.0 Minor PR
Open 8 days ago 2 comments
FlexNetOS
build(deps): bump the npm_and_yarn group across 1 directory with 2 updates

shamu4life/punchin-email #8

5.29.0 → 7.24.8 Major PR
Closed 8 days ago 3 comments
shamu4life
chore(deps): bump undici and @cloudflare/vitest-pool-workers in /packages/flags

Latimer-Woods-Tech/factory #1349

5.29.0 → 7.24.8 Major PR
Open 8 days ago 14 comments
Latimer-Woods-Tech
chore: Bump the development-dependencies group across 1 directory with 21 updates

mendersoftware/mender-server #1893

7.24.7 → 8.3.0 Major PR
Closed 9 days ago 3 comments
mendersoftware
fix(deps): bump the npm_and_yarn group across 1 directory with 27 updates

kapitanov/goscope.net #657

7.18.2 → 7.24.8 Minor PR
Closed 9 days ago 2 comments
kapitanov
deps-dev(deps-dev): bump undici from 7.26.0 to 7.27.0

egarcia74/warp-sql-server-mcp #687

7.26.0 → 7.27.0 Minor PR
Closed 10 days ago 18 comments
egarcia74
chore(deps)(deps): bump the production-dependencies group across 1 directory with 69 updates

LLM-Dev-Ops/forge #75

7.22.0 → 7.27.0 Minor PR
Open 10 days ago 2 comments
LLM-Dev-Ops
chore(deps): bump undici from 7.16.0 to 7.27.0

raffayprogrammer/rsshub #126

7.16.0 → 7.27.0 Minor PR
Open 10 days ago 1 comment
raffayprogrammer
Bump undici from 7.22.0 to 7.27.0

mazige1997/rsshub #258

7.22.0 → 7.27.0 Minor PR
Open 10 days ago 1 comment
mazige1997
Bump undici from 7.22.0 to 7.27.0

cjtcjtcjt2-star/my-rsshub #257

7.22.0 → 7.27.0 Minor PR
Open 10 days ago 2 comments
cjtcjtcjt2-star
chore(deps): bump undici from 5.28.4 to 7.27.0

hudsor01/jirah-shop #55

5.28.4 → 7.27.0 Major PR
Open 10 days ago 2 comments
hudsor01
Bump undici from 7.24.7 to 8.3.0

ecies/js #898

7.24.7 → 8.3.0 Major PR
Open 10 days ago 2 comments
ecies
chore(deps): bump the npm_and_yarn group across 1 directory with 10 updates

un-ts/napi-postinstall #60

7.11.0 → 7.27.0 Minor PR
Open 10 days ago 3 comments
un-ts
chore(deps): bump the npm_and_yarn group across 2 directories with 25 updates

cosmiccareer/terminai #17

7.15.0 → 7.27.0 Minor PR
Closed 11 days ago 1 comment
cosmiccareer
chore(deps,middleware)(deps): bump undici from 7.25.0 to 8.3.0 in /middleware

byte5ai/omadia #186

7.25.0 → 8.3.0 Major PR
Open 11 days ago 2 comments
byte5ai
chore(deps): bump the npm-minor-patch group across 1 directory with 47 updates

xztxy/openwork #49

8.1.0 → 8.3.0 Minor PR
Closed 11 days ago 2 comments
xztxy
Bump the minor-and-patch group across 1 directory with 8 updates

jmars319/vaexcore-console #6

6.25.0 → 6.26.0 Minor PR
Closed 11 days ago 1 comment
jmars319
chore(deps): bump the dev-dependencies group across 1 directory with 14 updates

vadimcusnir/AI_IDEI_OS #123

7.25.0 → 7.26.0 Minor PR
Closed 11 days ago 3 comments
vadimcusnir
Package Details
Name: undici
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/undici
JSON API: View JSON
Security Advisories

22

Active advisories
HIGH 5
MODERATE 10
LOW 7
View All npm Advisories
Package Information
Description:

An HTTP/1.1 client, written from scratch for Node.js

Repository: https://github.com/nodejs/undici
Homepage: https://undici.nodejs.org
Latest Release: 7.10.0
about 1 year ago
Dependent Repos: 98,048
Dependent Packages: 1,956
Downloads: 76,040,467
Ranking: Top 0.1008% by dependent repos Top 0.0472% by downloads Top 0.0399% by dependent pkgs
PR Status
Open 7,063 (45.7%)
Merged 2,108 (13.6%)
Closed 4,610 (29.8%)
PR Types
Major 1,137 (7.3%)
Minor 9,788 (63.3%)
Patch 2,517 (16.3%)
Removal 289 (1.9%)