| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-22207 | Default swagger-ui configuration exposes all files in the module | fastify | fastify-swagger-ui | Medium | 5.3 | 2024-01-15 15:40:35 | Deep Dive |
| CVE-2023-51701 | @fastify-reply-from JSON Content-Type parsing confusion | fastify | fastify-reply-from | Medium | 5.3 | 2024-01-08 13:55:05 | Deep Dive |
| CVE-2023-31999 | Fastify cross-site request forgery vulnerability | npm | @fastify/oauth2 | High | - | 2023-07-04 16:29:20 | Deep Dive |
| CVE-2023-29020 | Cross site request forgery token fixation in fastify-passport | fastify | fastify-passport | Medium | 6.5 | 2023-04-21 22:31:57 | Deep Dive |
| CVE-2023-29019 | Session fixation in fastify-passport | fastify | fastify-passport | High | 8.1 | 2023-04-21 22:28:55 | Deep Dive |
| CVE-2023-27495 | Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection | fastify | csrf-protection | Medium | 5.3 | 2023-04-20 17:05:22 | Deep Dive |
| CVE-2023-25576 | @fastify/multipart vulnerable to DoS due to unlimited number of parts | fastify | fastify-multipart | High | 7.5 | 2023-02-14 15:04:11 | Deep Dive |
| CVE-2022-41919 | Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type | fastify | fastify | Medium | 4.2 | 2022-11-22 00:00:00 | Deep Dive |
| CVE-2022-39386 | fastify-websocket vulnerable to uncaught exception via crash on malformed packet | fastify | fastify-websocket | High | 7.5 | 2022-11-08 00:00:00 | Deep Dive |
| CVE-2022-39288 | Denial of service in Fastify via Content-Type header | fastify | fastify | High | 7.5 | 2022-10-10 00:00:00 | Deep Dive |
| CVE-2022-31142 | Potential Timing Attack Vector in @fastify/bearer-auth | fastify | fastify-bearer-auth | High | 7.5 | 2022-07-14 18:55:11 | Deep Dive |
| CVE-2022-29220 | No verification of commits origin in github-action-merge-dependabot | fastify | github-action-merge-dependabot | Medium | 6.5 | 2022-05-31 16:10:10 | Deep Dive |
| CVE-2021-23597 | Denial of Service (DoS) | - | fastify-multipart | High | 7.5 | 2022-02-11 17:05:13 | Deep Dive |
| CVE-2021-22963 | Fastify-Static input validation error vulnerability | - | https://github.com/fastify/fastify-static | Medium | - | 2021-10-14 14:50:11 | Deep Dive |
| CVE-2021-22964 | Fastify-Static input validation error vulnerability | - | https://github.com/fastify/fastify-static | High | - | 2021-10-14 14:50:07 | Deep Dive |
| CVE-2021-29624 | Lack of protection against cookie tossing attacks in fastify-csrf | fastify | fastify-csrf | Medium | 6.5 | 2021-05-19 21:15:28 | Deep Dive |
| CVE-2021-21321 | Prefix escape | fastify | fastify-reply-from | Critical | 10.0 | 2021-03-02 03:35:25 | Deep Dive |
| CVE-2021-21322 | Prefix escape | fastify | fastify-http-proxy | Critical | 10.0 | 2021-03-02 03:35:17 | Deep Dive |
| CVE-2020-28482 | Cross-site Request Forgery (CSRF) | - | fastify-csrf | Medium | 5.9 | 2021-01-19 14:50:18 | Deep Dive |
| CVE-2020-8192 | Fastify resource management error vulnerability | - | fastify | Medium | - | 2020-07-30 12:53:02 | Deep Dive |