npm vulnerability intelligence

ajv NPM Package
Vulnerability Check

Another JSON Schema Validator

Moderate MIT v8.20.0
Vulnerability Analysis OSV Live

ajv

v8.20.0 · MIT · 306,625,453 dl/wk

Advisory Breakdown

Critical 0
High 0
Moderate 2
Low 0

Severity Rating

Moderate

2 advisories

Moderate

Weekly downloads

306,625,453

Total advisories

2

Latest version

8.20.0

License

MIT

Advisories Package Info Runtime

Known advisories

OSV records for the npm ecosystem

2
GHSA-2g4f-4pwh-qvx6 CVE-2025-69873 moderate

ajv has ReDoS when using `$data` option

Affected: >=7.0.0-alpha.0 <8.18.0, >=0 <6.14.0 Fixed in: 8.18.0, 6.14.0 Updated Mar 4, 2026
View source
GHSA-v88g-cgmw-v5xw CVE-2020-15366 moderate

Prototype Pollution in Ajv

Affected: >=0 <6.12.3 Fixed in: 6.12.3 Updated Jun 21, 2024
View source

Checked May 22, 2026, 7:04 PM from npm and OSV.dev

Package metadata

From the npm registry

Package name
ajv
Ecosystem
npm
Latest version
8.20.0
License
MIT
Weekly downloads
306,625,453
Repository
Open repository

Remediation boundary

What RequestGuard does — and doesn't — cover

RequestGuard does not fix npm package vulnerabilities. Dependency remediation happens through package updates, patches, lockfile changes, and maintainer guidance. RequestGuard can help mitigate runtime abuse around exposed web and API flows while remediation is handled separately.

Signup flows
Login attempts
API traffic

Protect runtime flows →

Allow, challenge, review, and block decisions for exposed endpoints.

Data from npm registry and OSV.dev · Checked 5/22/2026, 7:04:07 PM