on-headers (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package on-headers, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (1)
CVE-2025-7339 — CVSS 3.4 (low): on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in…