Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

undici

Ecosystem:
npm
Package URL:
pkg:npm/undici
Total PRs:
15,461 Dependabot PRs
Latest PR:
about 6 hours ago
Unique Repositories:
9,707 repositories
Unique Repos (30 days):
192 repositories
Security Advisories
undici Denial of Service attack via bad certificate data
GHSA-cxrh-j4jr-qwg3 CVE-2025-47279 LOW published about 1 year ago • updated about 8 hours ago
### Impact Applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certifi...
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
GHSA-f772-66g8-q5h3 CVE-2022-35948 MODERATE published almost 4 years ago • updated about 1 month ago
### Impact `=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specificall...
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
GHSA-3787-6prv-h9w3 CVE-2024-24758 LOW published over 2 years ago • updated about 23 hours ago
### Impact Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authorization` headers. ### Patches ...
Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation
GHSA-v9p9-hfj2-hcw8 CVE-2026-2229 HIGH published 3 months ago • updated 13 days ago
### Impact The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the `server_max_window_bits` para...
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
GHSA-q768-x9m6-m9qp CVE-2022-31151 LOW published almost 4 years ago • updated about 1 month ago
### Impact Authorization headers are already cleared on cross-origin redirect in https://github.com/nodejs/undici/blob/main/lib/handler/redirect.j...
View all 22 advisories
Recent PRs
RSS Feed
chore(deps): bump the test-versions group across 1 directory with 34 updates

DataDog/dd-trace-js #8855

8.3.0 → 8.4.0 Minor PR
Open about 6 hours ago 3 comments
DataDog
chore(deps): bump the npm_and_yarn group across 6 directories with 15 updates

ai-integr8tor/hermes-agent #9

7.23.0 → 7.27.2 Minor PR
Open about 11 hours ago 2 comments
ai-integr8tor
chore(deps): bump the npm_and_yarn group across 2 directories with 3 updates

AvonS/hermes-agent #43

7.23.0 → 7.27.2 Minor PR
Open about 12 hours ago 1 comment
AvonS
build(deps): bump the dependencies group across 1 directory with 18 updates

yashas-30/NYX #5

8.3.0 → 8.4.1 Minor PR
Open 1 day ago 1 comment
yashas-30
chore: bump undici from 7.25.0 to 8.4.1

eXist-db/node-exist #388

7.25.0 → 8.4.1 Major PR
Open 1 day ago 1 comment
eXist-db
Bump the npm_and_yarn group across 1 directory with 8 updates

georgyo/ipfs-hls #21

7.22.0 → 7.27.2 Minor PR
Closed 1 day ago 2 comments
georgyo
deps(deps): bump undici from 7.24.7 to 8.4.1

YawLabs/mcp-compliance #43

7.24.7 → 8.4.1 Major PR
Open 1 day ago 1 comment
YawLabs
Bump undici from 7.25.0 to 7.27.2

Jasonhonghh/rsshub1 #123

7.25.0 → 7.27.2 Minor PR
Open 2 days ago 2 comments
Jasonhonghh
chore(deps): bump undici from 8.3.0 to 8.4.0

pablopfg/evolution-api #1027

8.3.0 → 8.4.0 Minor PR
Open 2 days ago 2 comments
pablopfg
deps: Bump the production group across 1 directory with 23 updates

EfkaStudio-prd/G-ROUTER #18

8.3.0 → 8.4.0 Minor PR
Open 2 days ago 1 comment
EfkaStudio-prd
build(deps): bump undici from 7.22.0 to 8.4.0

actions-marketplace-validations/gr2m_notifier-action #20

7.22.0 → 8.4.0 Major PR
Closed 2 days ago 1 comment
actions-marketplace-validations
chore(deps-dev): bump the development-dependencies group across 1 directory with 40 updates

senoldogann/Guardian #93

7.25.0 → 7.27.2 Minor PR
Open 2 days ago 2 comments
senoldogann
Bump undici from 5.29.0 to 8.4.0

ruying-suixing/blog #12

5.29.0 → 8.4.0 Major PR
Closed 2 days ago 3 comments
ruying-suixing
build(deps): Bump undici from 5.28.4 to 8.4.0

tvv-lippu-ja-maksujarjestelma-oy/http-pulsar-poller #687

5.28.4 → 8.4.0 Major PR
Open 2 days ago 2 comments
tvv-lippu-ja-maksujarjestelma-oy
chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates

anavvanzin/iconocracy-corpus #67

5.29.0 → 7.24.8 Major PR
Open 2 days ago 1 comment
anavvanzin
chore(deps): bump undici from 5.28.4 to 6.26.0

HexaCode-droid/NotCloud-Bakend #23

5.28.4 → 6.26.0 Major PR
Open 2 days ago 2 comments
HexaCode-droid
chore(deps): bump the npm-minor-patch group across 1 directory with 59 updates

accomplish-ai/accomplish #992

8.1.0 → 8.4.0 Minor PR
Open 2 days ago 2 comments
accomplish-ai
chore(deps)(deps): bump the npm-dependencies group in /packages/web-app-vercel with 32 updates

Hiroki-org/Audicle #867

6.25.0 → 8.4.0 Major PR
Open 3 days ago 2 comments
Hiroki-org
deps(deps): bump the production-dependencies group across 1 directory with 11 updates

anantacloud-actions/kyverno-action #9

6.25.0 → 6.26.0 Minor PR
Open 3 days ago 2 comments
anantacloud-actions
Bump the npm_and_yarn group across 1 directory with 2 updates

smarthomespropertieske-pixel/react-router-starter-template #1

7.14.0 → 7.24.8 Minor PR
Open 3 days ago 1 comment
smarthomespropertieske-pixel
build(deps): bump the npm_and_yarn group across 1 directory with 5 updates

HiromiShikata/type-list-query-parameter-generator-from-entity-definitions #101

6.23.0 → 6.26.0 Minor PR
Closed 4 days ago 1 comment
HiromiShikata
deps(deps): bump the production-dependencies group across 1 directory with 3 updates

anantacloud-actions/conftest-action #7

6.25.0 → 6.26.0 Minor PR
Open 4 days ago 2 comments
anantacloud-actions
chore(deps): bump the npm_and_yarn group across 18 directories with 13 updates

goodgollyholly/react-router #3

6.20.1 → 6.24.0 Minor PR
Closed 5 days ago 3 comments
goodgollyholly
chore(deps): bump undici and wrangler in /300-cloudflare/workers/issue-form

jclee941/terraform #242

7.18.2 → 7.24.8 Minor PR
Closed 5 days ago 3 comments
jclee941
Bump undici from 7.25.0 to 7.27.1

cicerolms/rsshub #145

7.25.0 → 7.27.1 Minor PR
Closed 6 days ago 3 comments
cicerolms
chore(deps): bump the npm_and_yarn group across 4 directories with 7 updates

FlexNetOS/hermes-agent #3

7.23.0 → 7.27.0 Minor PR
Open 6 days ago 2 comments
FlexNetOS
build(deps): bump the npm_and_yarn group across 1 directory with 2 updates

shamu4life/punchin-email #8

5.29.0 → 7.24.8 Major PR
Closed 6 days ago 3 comments
shamu4life
chore(deps): bump undici and @cloudflare/vitest-pool-workers in /packages/flags

Latimer-Woods-Tech/factory #1349

5.29.0 → 7.24.8 Major PR
Open 6 days ago 14 comments
Latimer-Woods-Tech
chore: Bump the development-dependencies group across 1 directory with 21 updates

mendersoftware/mender-server #1893

7.24.7 → 8.3.0 Major PR
Closed 7 days ago 3 comments
mendersoftware
fix(deps): bump the npm_and_yarn group across 1 directory with 27 updates

kapitanov/goscope.net #657

7.18.2 → 7.24.8 Minor PR
Closed 7 days ago 2 comments
kapitanov
deps-dev(deps-dev): bump undici from 7.26.0 to 7.27.0

egarcia74/warp-sql-server-mcp #687

7.26.0 → 7.27.0 Minor PR
Closed 8 days ago 18 comments
egarcia74
chore(deps)(deps): bump the production-dependencies group across 1 directory with 69 updates

LLM-Dev-Ops/forge #75

7.22.0 → 7.27.0 Minor PR
Open 8 days ago 2 comments
LLM-Dev-Ops
chore(deps): bump undici from 7.16.0 to 7.27.0

raffayprogrammer/rsshub #126

7.16.0 → 7.27.0 Minor PR
Open 8 days ago 1 comment
raffayprogrammer
Bump undici from 7.22.0 to 7.27.0

mazige1997/rsshub #258

7.22.0 → 7.27.0 Minor PR
Open 8 days ago 1 comment
mazige1997
Bump undici from 7.22.0 to 7.27.0

cjtcjtcjt2-star/my-rsshub #257

7.22.0 → 7.27.0 Minor PR
Open 8 days ago 2 comments
cjtcjtcjt2-star
chore(deps): bump undici from 5.28.4 to 7.27.0

hudsor01/jirah-shop #55

5.28.4 → 7.27.0 Major PR
Open 8 days ago 2 comments
hudsor01
Bump undici from 7.24.7 to 8.3.0

ecies/js #898

7.24.7 → 8.3.0 Major PR
Open 8 days ago 2 comments
ecies
chore(deps): bump the npm_and_yarn group across 1 directory with 10 updates

un-ts/napi-postinstall #60

7.11.0 → 7.27.0 Minor PR
Open 8 days ago 3 comments
un-ts
chore(deps): bump the npm_and_yarn group across 2 directories with 25 updates

cosmiccareer/terminai #17

7.15.0 → 7.27.0 Minor PR
Closed 9 days ago 1 comment
cosmiccareer
chore(deps,middleware)(deps): bump undici from 7.25.0 to 8.3.0 in /middleware

byte5ai/omadia #186

7.25.0 → 8.3.0 Major PR
Open 9 days ago 2 comments
byte5ai
chore(deps): bump the npm-minor-patch group across 1 directory with 47 updates

xztxy/openwork #49

8.1.0 → 8.3.0 Minor PR
Closed 9 days ago 2 comments
xztxy
Bump the minor-and-patch group across 1 directory with 8 updates

jmars319/vaexcore-console #6

6.25.0 → 6.26.0 Minor PR
Closed 9 days ago 1 comment
jmars319
chore(deps): bump the dev-dependencies group across 1 directory with 14 updates

vadimcusnir/AI_IDEI_OS #123

7.25.0 → 7.26.0 Minor PR
Closed 9 days ago 3 comments
vadimcusnir
chore(deps): Bump undici from 6.20.1 to 8.3.0 in the production-dependencies group

0xTheProDev/js-utils #17

6.20.1 → 8.3.0 Major PR
Open 9 days ago 1 comment
0xTheProDev
chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates

belumume/ai-study-architect #73

7.18.2 → 7.24.8 Minor PR
Open 10 days ago 2 comments
belumume
chore(deps-dev): bump undici from 7.20.0 to 7.26.0

pedropaulovc/el400 #208

7.20.0 → 7.26.0 Minor PR
Open 10 days ago 2 comments
pedropaulovc
deps(deps): bump undici from 6.25.0 to 6.26.0 in the production-dependencies group

actions-marketplace-validations/anantacloud-actions_setup-buildx-action #7

6.25.0 → 6.26.0 Minor PR
Open 10 days ago 1 comment
actions-marketplace-validations
chore(deps): bump the npm_and_yarn group across 1 directory with 17 updates

lhy8888/uptime #67

5.29.0 → removed
Closed 10 days ago 2 comments
lhy8888
Bump the npm_and_yarn group across 1 directory with 15 updates

JulianiusM/Surveyor #74

7.16.0 → 7.24.0 Minor PR
Open 10 days ago 1 comment
JulianiusM
build(deps): bump undici from 7.26.0 to 8.3.0

ESPlotter/ESPlotter #245

7.26.0 → 8.3.0 Major PR
Closed 11 days ago 2 comments
ESPlotter
Package Details
Name: undici
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/undici
JSON API: View JSON
Security Advisories

22

Active advisories
HIGH 5
MODERATE 10
LOW 7
View All npm Advisories
Package Information
Description:

An HTTP/1.1 client, written from scratch for Node.js

Repository: https://github.com/nodejs/undici
Homepage: https://undici.nodejs.org
Latest Release: 7.10.0
about 1 year ago
Dependent Repos: 98,048
Dependent Packages: 1,956
Downloads: 76,040,467
Ranking: Top 0.1008% by dependent repos Top 0.0472% by downloads Top 0.0399% by dependent pkgs
PR Status
Open 7,060 (45.7%)
Merged 2,108 (13.6%)
Closed 4,603 (29.8%)
PR Types
Major 1,134 (7.3%)
Minor 9,781 (63.3%)
Patch 2,517 (16.3%)
Removal 289 (1.9%)