Known vulnerabilities in Koa.js koa

Vendor: Koa.js

Website: https://koajs.com/

Total Security Bulletins: 4

Security bulletins (4)

Secuity bulletin	Severity	Status	Published
SB2026022332: Open redirect in KoaJS Koa	Low	Patched	23.02.2026
SB20251022157: Open redirect in koa	Low	Patched Public exploit	22.10.2025
SB2025062726: Cross-site scripting in Koa	Low	Patched	27.06.2025
SB2025050956: Inefficient regular expression complexity in Koa.js koa	Critical	Patched	09.05.2025