NodeJS/ajv/8.0.0-beta.2
Another JSON Schema Validator
https://www.npmjs.com/package/ajv
MIT
1 Security Vulnerabilities
ajv has ReDoS when using `$data` option
Published date: 2026-02-11T21:30:39Z
CVE: CVE-2025-69873
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2025-69873
- https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md
- https://github.com/ajv-validator/ajv/pull/2586
- https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5
- https://github.com/ajv-validator/ajv/releases/tag/v8.18.0
- https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
- https://github.com/ajv-validator/ajv/pull/2588
- https://github.com/ajv-validator/ajv/releases/tag/v6.14.0
ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \"^(a|a)*$\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation.
Affected versions: ["6.12.6", "6.12.5", "6.12.4", "6.12.3", "6.12.2", "6.12.1", "6.12.0", "6.11.0", "6.10.2", "6.10.1", "6.10.0", "6.9.2", "6.9.1", "6.9.0", "6.8.1", "6.8.0", "6.7.0", "6.6.2", "6.6.1", "6.6.0", "6.5.5", "6.5.4", "6.5.3", "6.5.2", "6.5.1", "6.5.0", "6.4.0", "6.3.0", "6.2.1", "6.2.0", "6.1.1", "6.1.0", "6.0.1", "6.0.0", "6.0.0-rc.1", "6.0.0-rc.0", "6.0.0-beta.2", "6.0.0-beta.1", "6.0.0-beta.0", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.0", "5.2.5", "5.2.4", "5.2.3", "5.2.2", "5.2.1", "5.2.0", "5.1.6", "5.1.5", "5.1.4", "5.1.3", "5.1.2", "5.1.1", "5.1.0", "5.0.4-beta.3", "5.0.4-beta.2", "5.0.4-beta.1", "5.0.4-beta.0", "5.0.3-beta.0", "5.0.2-beta.0", "5.0.1", "5.0.1-beta.3", "5.0.1-beta.2", "5.0.1-beta.1", "5.0.1-beta.0", "5.0.0", "5.0.0-beta.1", "5.0.0-beta.0", "4.11.8", "4.11.7", "4.11.6", "4.11.5", "4.11.4", "4.11.3", "4.11.2", "4.11.1", "4.11.0", "4.10.4", "4.10.3", "4.10.2", "4.10.1", "4.10.0", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.7", "4.7.6", "4.7.5", "4.7.4", "4.7.3", "4.7.2", "4.7.1", "4.7.0", "4.6.1", "4.6.0", "4.5.0", "4.4.1", "4.4.0", "4.3.1", "4.3.0", "4.2.0", "4.1.8", "4.1.7", "4.1.6", "4.1.5", "4.1.4", "4.1.3", "4.1.2", "4.1.1", "4.1.0", "4.0.6", "4.0.5", "4.0.4", "4.0.3", "4.0.2", "4.0.1", "4.0.0", "3.8.10", "3.8.9", "3.8.8", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.8.0", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.5.3", "3.5.2", "3.5.1", "3.5.0", "3.4.0", "3.3.1", "3.3.0", "3.2.3", "3.2.2", "3.2.1", "3.2.0", "3.1.1", "3.1.0", "3.0.4", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "2.5.0", "2.4.0", "2.3.0", "2.2.2", "2.2.1", "2.2.0", "2.1.4", "2.1.3", "2.1.2", "2.1.0", "2.0.4", "2.0.3", "2.0.2", "2.0.1", "2.0.0", "2.0.0-beta.3", "2.0.0-beta.2", "2.0.0-beta.1", "2.0.0-beta.0", "1.4.10", "1.4.9", "1.4.8", "1.4.7", "1.4.6", "1.4.5", "1.4.4", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.3.2", "1.3.1", "1.3.0", "1.2.1", "1.2.0", "1.1.1", "1.0.1", "1.0.0", "0.7.2", "0.7.1", "0.7.0", "0.6.15", "0.6.14", "0.6.13", "0.6.12", "0.6.11", "0.6.10", "0.6.9", "0.6.8", "0.6.7", "0.6.6", "0.6.5", "0.6.4", "0.6.3", "0.6.2", "0.6.1", "0.6.0", "0.5.12", "0.5.11", "0.5.10", "0.5.9", "0.5.8", "0.5.7", "0.5.6", "0.5.5", "0.5.4", "0.5.3", "0.5.2", "0.5.0", "0.4.15", "0.4.14", "0.4.12", "0.4.10", "0.4.9", "0.4.8", "0.4.7", "0.4.6", "0.4.5", "0.4.4", "0.4.3", "0.4.2", "0.4.1", "0.4.0", "0.3.12", "0.3.11", "0.3.8", "0.3.7", "0.3.6", "0.3.5", "0.3.4", "0.3.3", "0.3.2", "0.3.1", "0.3.0", "0.2.9", "0.2.8", "0.2.7", "0.2.6", "0.2.5", "0.2.4", "0.2.3", "0.2.2", "0.2.1", "0.2.0", "0.1.16", "0.1.15", "0.1.14", "0.1.13", "0.1.12", "0.1.11", "0.1.10", "0.1.9", "0.1.8", "0.1.7", "0.1.6", "0.1.5", "0.1.4", "0.1.3", "0.1.2", "0.1.1", "0.1.0", "0.0.12", "0.0.11", "0.0.10", "0.0.9", "0.0.8", "0.0.7", "0.0.6", "0.0.5", "0.0.4", "8.17.1", "8.16.0", "8.15.0", "8.14.0", "8.13.0", "8.12.0", "8.11.2", "8.11.1", "8.11.0", "8.10.0", "8.9.0", "8.8.2", "8.8.1", "8.8.0", "8.7.1", "8.7.0", "8.6.3", "8.6.2", "8.6.1", "8.6.0", "8.5.0", "8.4.0", "8.3.0", "8.2.0", "8.1.0", "8.0.5", "8.0.4", "8.0.3", "8.0.2", "8.0.1", "8.0.0", "8.0.0-beta.4", "8.0.0-beta.3", "8.0.0-beta.2", "8.0.0-beta.1", "8.0.0-beta.0", "7.2.4", "7.2.3", "7.2.2", "7.2.1", "7.2.0", "7.1.1", "7.1.0", "7.0.4", "7.0.3", "7.0.2", "7.0.1", "7.0.0", "7.0.0-rc.5", "7.0.0-rc.4", "7.0.0-rc.3", "7.0.0-rc.2", "7.0.0-rc.1", "7.0.0-rc.0", "7.0.0-beta.9", "7.0.0-beta.8", "7.0.0-beta.7", "7.0.0-beta.6", "7.0.0-beta.5", "7.0.0-beta.4", "7.0.0-beta.3", "7.0.0-beta.2", "7.0.0-beta.1", "7.0.0-beta.0", "7.0.0-alpha.1", "7.0.0-alpha.0"]
Secure versions: [6.14.0, 8.18.0]
Recommendation: Update to version 8.18.0.
357 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 8.18.0 | MIT | 2026-02-14 - 15:41 | 13 days | |
| 8.17.1 | MIT | 1 | 2024-07-12 - 20:42 | over 1 year |
| 8.16.0 | MIT | 1 | 2024-06-04 - 19:11 | over 1 year |
| 8.15.0 | MIT | 1 | 2024-06-03 - 20:36 | over 1 year |
| 8.14.0 | MIT | 1 | 2024-05-25 - 22:02 | almost 2 years |
| 8.13.0 | MIT | 1 | 2024-04-29 - 23:33 | almost 2 years |
| 8.12.0 | MIT | 1 | 2023-01-03 - 14:19 | about 3 years |
| 8.11.2 | MIT | 1 | 2022-11-13 - 22:16 | over 3 years |
| 8.11.1 | MIT | 1 | 2022-11-13 - 22:05 | over 3 years |
| 8.11.0 | MIT | 1 | 2022-03-22 - 22:19 | almost 4 years |
| 8.10.0 | MIT | 1 | 2022-02-04 - 18:22 | about 4 years |
| 8.9.0 | MIT | 1 | 2022-01-15 - 13:01 | about 4 years |
| 8.8.2 | MIT | 1 | 2021-11-21 - 19:07 | over 4 years |
| 8.8.1 | MIT | 1 | 2021-11-16 - 20:20 | over 4 years |
| 8.8.0 | MIT | 1 | 2021-11-13 - 18:33 | over 4 years |
| 8.7.1 | MIT | 1 | 2021-11-08 - 21:12 | over 4 years |
| 8.7.0 | MIT | 1 | 2021-11-08 - 20:15 | over 4 years |
| 8.6.3 | MIT | 1 | 2021-09-12 - 18:20 | over 4 years |
| 8.6.2 | MIT | 1 | 2021-07-15 - 20:13 | over 4 years |
| 8.6.1 | MIT | 1 | 2021-07-04 - 09:53 | over 4 years |
| 8.6.0 | MIT | 1 | 2021-06-06 - 14:57 | over 4 years |
| 8.5.0 | MIT | 1 | 2021-05-20 - 13:33 | almost 5 years |
| 8.4.0 | MIT | 1 | 2021-05-14 - 20:12 | almost 5 years |
| 8.3.0 | MIT | 1 | 2021-05-09 - 11:34 | almost 5 years |
| 8.2.0 | MIT | 1 | 2021-04-27 - 15:08 | almost 5 years |
| 8.1.0 | MIT | 1 | 2021-04-11 - 16:52 | almost 5 years |
| 8.0.5 | MIT | 1 | 2021-04-02 - 15:54 | almost 5 years |
| 8.0.4 | MIT | 1 | 2021-04-02 - 12:53 | almost 5 years |
| 8.0.3 | MIT | 1 | 2021-04-01 - 07:04 | almost 5 years |
| 8.0.2 | MIT | 1 | 2021-03-31 - 08:00 | almost 5 years |
| 8.0.1 | MIT | 1 | 2021-03-27 - 22:47 | almost 5 years |
| 8.0.0 | MIT | 1 | 2021-03-27 - 12:44 | almost 5 years |
| 8.0.0-beta.4 | MIT | 1 | 2021-03-23 - 07:37 | almost 5 years |
| 8.0.0-beta.3 | MIT | 1 | 2021-03-21 - 18:44 | almost 5 years |
| 8.0.0-beta.2 | MIT | 1 | 2021-03-16 - 20:22 | almost 5 years |
| 8.0.0-beta.1 | MIT | 1 | 2021-03-15 - 07:56 | almost 5 years |
| 8.0.0-beta.0 | MIT | 1 | 2021-03-13 - 11:08 | almost 5 years |
| 7.2.4 | MIT | 1 | 2021-03-26 - 08:19 | almost 5 years |
| 7.2.3 | MIT | 1 | 2021-03-20 - 07:01 | almost 5 years |
| 7.2.2 | MIT | 1 | 2021-03-20 - 06:43 | almost 5 years |
| 7.2.1 | MIT | 1 | 2021-03-07 - 19:03 | almost 5 years |
| 7.2.0 | MIT | 1 | 2021-03-07 - 10:00 | almost 5 years |
| 7.1.1 | MIT | 1 | 2021-02-17 - 09:09 | about 5 years |
| 7.1.0 | MIT | 1 | 2021-02-11 - 08:42 | about 5 years |
| 7.0.4 | MIT | 1 | 2021-02-01 - 21:04 | about 5 years |
| 7.0.3 | MIT | 1 | 2021-01-02 - 11:09 | about 5 years |
| 7.0.2 | MIT | 1 | 2020-12-19 - 18:42 | about 5 years |
| 7.0.1 | MIT | 1 | 2020-12-16 - 19:42 | about 5 years |
| 7.0.0 | MIT | 1 | 2020-12-15 - 19:12 | about 5 years |
| 7.0.0-rc.5 | MIT | 1 | 2020-12-14 - 20:08 | about 5 years |