[GHSA-2g4f-4pwh-qvx6] ajv (Another JSON Schema Validator) through version 8.17...#6879
Conversation
Pull request overview
This pull request updates a security advisory for the ajv (Another JSON Schema Validator) npm package to include details about a Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2025-69873). The advisory documents that the vulnerability affects all versions up to 8.17.1 and has been fixed in version 8.18.0.
Changes:
- Added vulnerability summary and detailed description of the ReDoS issue when using the `$data` option
- Added affected package information specifying npm ecosystem, package name "ajv", and version range
- Updated the modified timestamp to reflect the advisory update
| "aliases": [ | ||
| "CVE-2025-69873" | ||
| ], | ||
| "summary": "ajv", |
The summary field only contains "ajv" which is just the package name. Consider making the summary more descriptive by including the vulnerability type, for example: "ajv vulnerable to Regular Expression Denial of Service (ReDoS)" or "ReDoS vulnerability in ajv when using $data option". This would make the advisory more informative at a glance.
| "summary": "ajv", | |
| "summary": "ReDoS vulnerability in ajv when using $data option", |
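A practitioner reading this advisory will usually want to know whether any copy of ajv in a project's dependency tree falls inside the affected range. The script below is an added example, not part of this pull request or of the ajv project; it walks the `packages` map of a lockfileVersion 2/3 `package-lock.json` and reports every installed ajv copy, including nested ones, whose version is below 8.18.0. The only fact it takes from the advisory is that all versions up to 8.17.1 are affected and 8.18.0 is the fixed release; the lockfile contents, the `findAffectedAjv` and `isAffected` helper names, and the plain `MAJOR.MINOR.PATCH` comparison (pre-release suffixes ignored) are assumptions made for the example.

```javascript
// Added example: audit a package-lock.json for copies of ajv affected by the advisory.
// Assumption taken from the advisory text: every ajv version before 8.18.0 is affected.
const FIXED_VERSION = '8.18.0';

// Parse "MAJOR.MINOR.PATCH" into numbers. Pre-release/build suffixes are dropped;
// this simplification is an assumption of the example, not of npm's semver rules.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Returns -1, 0 or 1 like a classic comparator.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// A version is affected when it sorts before the fixed release.
function isAffected(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json.
// Nested installs such as node_modules/eslint/node_modules/ajv are included,
// because a hoisted top-level copy says nothing about copies pinned deeper down.
function findAffectedAjv(lock) {
  const packages = lock.packages || {};
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const isAjv = path === 'node_modules/ajv' || path.endsWith('/node_modules/ajv');
    if (isAjv && meta && meta.version && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile for demonstration (not taken from any real project).
const sampleLock = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/ajv': { version: '8.17.1' },
    'node_modules/eslint': { version: '8.57.0' },
    'node_modules/eslint/node_modules/ajv': { version: '6.12.6' },
    'node_modules/other-tool/node_modules/ajv': { version: '8.18.0' },
  },
};

// Stand-alone run: print the affected copies found in the constructed lockfile.
for (const hit of findAffectedAjv(sampleLock)) {
  console.log(`${hit.path}: ajv ${hit.version} is below ${FIXED_VERSION}`);
}
```

On a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; the nested copy is the one most often missed, since `npm ls ajv` output is easy to skim past when an older major is pulled in transitively.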