Browse all 7 CVE security advisories affecting octokit. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Octokit serves as the official GitHub API client for JavaScript and other programming languages, enabling developers to interact with GitHub repositories, issues, and pull requests programmatically. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure deserialization. While no major public incidents have been widely documented, the seven recorded CVEs highlight risks in how it handles API responses and processes user-supplied data. Its security posture relies on regular updates and proper implementation by developers to mitigate potential exploitation through malicious payloads or misconfigured access controls.
| CVE ID | Title | Affected file | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-25290 | @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking | request.js | CWE-1333 | 5.3 | Medium | 2025-02-14 |
This page lists every published CVE security advisory associated with octokit. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.