Ajv Ajvjs Ajv


By the Year

In 2026 there has been 1 vulnerability in Ajvjs Ajv, with an average score of 7.5 out of ten. Ajv did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2026 than in all of last year.

Year    Vulnerabilities    Average Score
2026    1                  7.50
2025    0                  0.00
2024    0                  0.00
2023    0                  0.00
2022    0                  0.00
2021    0                  0.00
2020    1                  5.60

It may take a day or so for new Ajv vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Ajvjs Ajv Security Vulnerabilities

CVE-2025-69873: ajv 8.17.1 ReDoS via $data regex injection
CVE-2025-69873 7.5 - High - February 11, 2026

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.

ReDoS

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2
CVE-2020-15366 5.6 - Medium - July 15, 2020

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

Prototype Pollution
