`undici`

Ecosystem:
npm

Package URL:
pkg:npm/undici

Total PRs:
15,466 Dependabot PRs

Latest PR:
about 7 hours ago

Unique Repositories:
9,710 repositories

Unique Repos (30 days):
182 repositories

Security Advisories

undici Denial of Service attack via bad certificate data

GHSA-cxrh-j4jr-qwg3 CVE-2025-47279 LOW published about 1 year ago • updated about 17 hours ago

### Impact Applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certifi...

Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type

GHSA-f772-66g8-q5h3 CVE-2022-35948 MODERATE published almost 4 years ago • updated about 1 month ago

### Impact `=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specificall...

undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect

GHSA-q768-x9m6-m9qp CVE-2022-31151 LOW published almost 4 years ago • updated about 1 month ago

### Impact Authorization headers are already cleared on cross-origin redirect in https://github.com/nodejs/undici/blob/main/lib/handler/redirect.j...

Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

GHSA-g9mf-h72j-4rw9 CVE-2026-22036 MODERATE published 5 months ago • updated 2 days ago

### Impact The `fetch()` API supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, b...

Use of Insufficiently Random Values in undici

GHSA-c76h-2ccp-4975 CVE-2025-22150 MODERATE published over 1 year ago • updated 5 days ago

### Impact [Undici `fetch()` uses Math.random()](https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body...

View all 22 advisories

Recent PRs (filtered by: Patch PRs )

RSS Feed Clear filter

Bump the npm group in /frontend with 72 updates

kiesraad/abacus #3186

7.24.6 → 7.24.8 Patch PR

Open about 2 months ago 3 comments

chore(deps-dev): bump undici from 8.0.2 to 8.0.3

IgorGanapolsky/ThumbGate #756

8.0.2 → 8.0.3 Patch PR

Open about 2 months ago 5 comments

Bump undici from 7.24.4 to 7.24.8

wlnbing/5556 #88

7.24.4 → 7.24.8 Patch PR

Open about 2 months ago 2 comments

chore(deps): bump undici from 8.0.1 to 8.0.3

wesleykirkland/Filtarr #78

8.0.1 → 8.0.3 Patch PR

Open about 2 months ago 3 comments

deps(deps-dev): bump undici from 7.24.6 to 7.24.8

commjoen/generated-game-experiment #469

7.24.6 → 7.24.8 Patch PR

Open about 2 months ago 2 comments

Bump the npm-minor-patch group with 2 updates

MrSaerus/ym2lidarr #257

8.0.2 → 8.0.3 Patch PR

Closed about 2 months ago 2 comments

build(deps): bump undici from 8.0.2 to 8.0.3

roebi/github-api-get #281

8.0.2 → 8.0.3 Patch PR

Open about 2 months ago 1 comment

chore(deps): bump undici from 8.0.2 to 8.0.3

pablopfg/evolution-api #924

8.0.2 → 8.0.3 Patch PR

Open about 2 months ago 2 comments

chore(deps): bump undici from 8.0.1 to 8.0.2 in /hfs

FlarelyLegal/worker-secrets #24

8.0.1 → 8.0.2 Patch PR

Closed 2 months ago 1 comment

Bump the npm_and_yarn group across 15 directories with 19 updates

jgeofil/hash #39

5.28.4 → 5.28.5 Patch PR

Open 2 months ago 1 comment

Bump the npm_and_yarn group across 10 directories with 20 updates

jgeofil/hash #36

5.28.4 → 5.28.5 Patch PR

Open 2 months ago 2 comments

Bump the npm group in /frontend with 65 updates

kiesraad/abacus #3145

7.24.6 → 7.24.7 Patch PR

Open 2 months ago 2 comments

build(deps): bump undici from 7.24.5 to 7.24.7

kubernetes-client/javascript #2819

7.24.5 → 7.24.7 Patch PR

Open 2 months ago 1 comment

Bump the npm_and_yarn group across 10 directories with 19 updates

jgeofil/hash #35

5.28.4 → 5.28.5 Patch PR

Closed 2 months ago 1 comment

Bump the npm_and_yarn group across 12 directories with 18 updates

jgeofil/hash #33

5.28.4 → 5.28.5 Patch PR

Closed 2 months ago 2 comments

build(deps): bump the server group across 1 directory with 2 updates

DEFRA/gep-find-geo-data-frontend #34

7.24.6 → 7.24.7 Patch PR

Open 2 months ago 1 comment

chore(deps): bump undici from 8.0.0 to 8.0.2

pablopfg/evolution-api #910

8.0.0 → 8.0.2 Patch PR

Open 2 months ago 2 comments

chore(deps): bump undici from 7.24.6 to 7.24.7

9renpoto/vgmo #202

7.24.6 → 7.24.7 Patch PR

Open 2 months ago 2 comments

build(deps-dev): bump the npm-dev group across 1 directory with 37 updates

openfoodfacts/openfoodfacts-auth #348

7.24.5 → 7.24.7 Patch PR

Open 2 months ago 1 comment

Bump the npm_and_yarn group across 13 directories with 20 updates

jgeofil/hash #30

5.28.4 → 5.28.5 Patch PR

Open 2 months ago 1 comment

Bump the npm_and_yarn group across 15 directories with 21 updates

jgeofil/hash #29

5.28.4 → 5.28.5 Patch PR

Closed 2 months ago 2 comments

Bump undici from 7.24.4 to 7.24.7

wlnbing/5556 #53

7.24.4 → 7.24.7 Patch PR

Closed 2 months ago 3 comments

Bump undici from 7.24.5 to 7.24.7

grandunifiedtheotries/2222 #37

7.24.5 → 7.24.7 Patch PR

Open 2 months ago 2 comments

build(deps-dev): Bump undici from 7.24.6 to 7.24.7

mitre/saf #6925

7.24.6 → 7.24.7 Patch PR

Open 2 months ago 1 comment

build(deps-dev): bump undici from 7.24.0 to 7.24.7

jshttp/mime-db #457

7.24.0 → 7.24.7 Patch PR

Closed 2 months ago 2 comments

chore(deps): bump the npm-minor-patch group across 1 directory with 22 updates

anastomotic-ai/anastomotic #16

7.24.5 → 7.24.7 Patch PR

Open 2 months ago 1 comment

Bump undici from 7.24.5 to 7.24.6

lokalise/node-lokalise-api #554

7.24.5 → 7.24.6 Patch PR

Open 2 months ago 1 comment

chore(deps-dev): Bump undici from 7.24.4 to 7.24.7 in /ruh-frontend

ruh-ai/openclaw-ruh #23

7.24.4 → 7.24.7 Patch PR

Closed 2 months ago 1 comment

deps: bump undici from 7.24.6 to 7.24.7

Tiliavir/mvw-search-index #537

7.24.6 → 7.24.7 Patch PR

Closed 2 months ago 1 comment

chore(deps-dev): bump undici from 7.24.6 to 7.24.7

Bitti09/bgp.mom #171

7.24.6 → 7.24.7 Patch PR

Closed 2 months ago 2 comments

deps-dev(deps-dev): bump undici from 7.24.6 to 7.24.7

egarcia74/warp-sql-server-mcp #528

7.24.6 → 7.24.7 Patch PR

Closed 2 months ago 7 comments

chore(deps): bump the npm-minor-patch group across 1 directory with 20 updates

xztxy/openwork #31

7.24.5 → 7.24.6 Patch PR

Open 2 months ago 1 comment

build(deps): bump the prod-minor-versions group across 1 directory with 3 updates

DTS-STN/canada-disability-benefit #149

7.24.5 → 7.24.6 Patch PR

Closed 2 months ago 1 comment

chore(deps)(deps): bump the production-dependencies group across 1 directory with 32 updates

Outboxy/outboxy #23

7.24.1 → 7.24.6 Patch PR

Open 2 months ago 2 comments

Bump the backend-all group in /backend with 12 updates

jlort1721-alt/aion-vision-hub #38

7.24.5 → 7.24.6 Patch PR

Closed 2 months ago 2 comments

🧱(deps-dev): Bump undici from 7.24.0 to 7.24.6

BondIT-ApS/team-shuffler #83

7.24.0 → 7.24.6 Patch PR

Closed 2 months ago 6 comments

chore(deps): bump the all-npm-dependencies group across 1 directory with 10 updates

garybrowndev/PinballAccuracyMemoryTrainer #136

7.24.5 → 7.24.6 Patch PR

Closed 2 months ago 2 comments

chore(deps)(deps): Bump the dependencies group across 1 directory with 30 updates

arlenagreer/sastamps #60

7.24.4 → 7.24.6 Patch PR

Open 2 months ago 2 comments

⬆️(deps-dev): Bump undici from 7.24.5 to 7.24.6

Firworksyt/PortfolioWrangler #103

7.24.5 → 7.24.6 Patch PR

Open 2 months ago 1 comment

chore(deps): bump the all-minor-and-patch group across 1 directory with 20 updates

IsmaelMartinez/betis-escocia #366

7.24.5 → 7.24.6 Patch PR

Open 2 months ago 2 comments

Bump the npm-development group with 3 updates

hakwerk/gha-git-repo-tags #120

7.24.5 → 7.24.6 Patch PR

Closed 2 months ago 1 comment

deps: bump undici from 7.24.5 to 7.24.6

hcuk94/fuelaware #14

7.24.5 → 7.24.6 Patch PR

Closed 2 months ago 1 comment

chore(deps)(deps): bump the minor-and-patch group across 1 directory with 9 updates

KingInYellows/codemachine-pipeline #888

7.24.4 → 7.24.6 Patch PR

Closed 2 months ago 4 comments

chore(deps): Bump the dependencies group with 9 updates

equaltoai/greater-components #443

7.24.5 → 7.24.6 Patch PR

Open 2 months ago 3 comments

chore(deps): bump undici from 7.24.0 to 7.24.6 in the npm-minor-patch group

TirionIthildin/dread.lol #69

7.24.0 → 7.24.6 Patch PR

Closed 2 months ago 1 comment

chore(deps)(deps): bump the npm-dependencies group in /packages/web-app-vercel with 31 updates

Hiroki-org/Audicle #601

7.24.1 → 7.24.6 Patch PR

Closed 2 months ago 4 comments

chore(deps): bump the minor-updates group across 4 directories with 9 updates

growthxai/output #86

7.24.5 → 7.24.6 Patch PR

Closed 3 months ago 1 comment

chore(deps): bump the npm-minor-patch group across 1 directory with 11 updates

anastomotic-ai/anastomotic #15

7.24.5 → 7.24.6 Patch PR

Closed 3 months ago 2 comments

deps-dev(deps-dev): Bump undici from 7.24.5 to 7.24.6

egarcia74/warp-sql-server-mcp #513

7.24.5 → 7.24.6 Patch PR

Closed 3 months ago 13 comments

Bump undici from 7.24.4 to 7.24.6

wlnbing/5556 #38

7.24.4 → 7.24.6 Patch PR

Open 3 months ago 3 comments

Package Details

Name:	`undici`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/undici`
JSON API:	View JSON

Security Advisories

22

Active advisories

HIGH 5

MODERATE 10

LOW 7

View All npm Advisories

Package Information

Description:

An HTTP/1.1 client, written from scratch for Node.js

Repository:	https://github.com/nodejs/undici
Homepage:	https://undici.nodejs.org
Latest Release:	`7.10.0` about 1 year ago
Dependent Repos:	98,048
Dependent Packages:	1,956
Downloads:	76,040,467
Ranking:	Top 0.1008% by dependent repos Top 0.0472% by downloads Top 0.0399% by dependent pkgs

PR Status

Open 7,061 (45.7%)

Merged 2,108 (13.6%)

Closed 4,607 (29.8%)

PR Types

Major 1,135 (7.3%)

Minor 9,785 (63.3%)

Patch 2,517 (16.3%)

Removal 289 (1.9%)