fastify — Vulnerabilities & Security Advisories (28)

Browse all 28 CVE security advisories affecting fastify. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|---|
| CVE-2026-33807 | @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes | @fastify/express | CWE-436 | 9.1 | Critical | 2026-04-15 |
| CVE-2026-33808 | @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons) | @fastify/express | CWE-436 | 9.1 | - | 2026-04-15 |
| CVE-2026-33806 | fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header | fastify | CWE-1287 | 7.5 | High | 2026-04-15 |
| CVE-2026-3635 | Fastify request.protocol and request.host spoofable via X-Forwarded-Proto/Host from untrusted connections when trustProxy uses restrictive trust function | fastify | CWE-348 | 6.1 | Medium | 2026-03-23 |
| CVE-2026-3419 | Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation | fastify | CWE-185 | 5.3 | Medium | 2026-03-06 |
| CVE-2026-25223 | Fastify's Content-Type header tab character allows body validation bypass | fastify | CWE-436 | 7.5 | High | 2026-02-03 |
| CVE-2026-25224 | Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream | fastify | CWE-770 | 3.7 | Low | 2026-02-03 |
| CVE-2026-22037 | @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding) | fastify-express | CWE-177 | 8.4 | High | 2026-01-19 |
| CVE-2026-22031 | Fastify Middie Middleware Path Bypass | middie | CWE-177 | 8.4 | High | 2026-01-19 |
| CVE-2025-66415 | fastify-reply-from bypass of reply forwarding | fastify-reply-from | CWE-441 | 6.5 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-32442 | Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass | fastify | CWE-1287 | 7.5 | High | 2025-04-18 |
| CVE-2025-24033 | @fastify/multipart vulnerable to unlimited consumption of resources | fastify-multipart | CWE-770 | 7.5 | High | 2025-01-23 |
| CVE-2024-35220 | @fastify/session reuses destroyed session cookie | session | CWE-613 | 7.4 | High | 2024-05-21 |
| CVE-2024-31999 | @fastify/secure-session: Reuse of destroyed secure session cookie | fastify-secure-session | CWE-613 | 7.4 | High | 2024-04-10 |
| CVE-2024-22207 | Default swagger-ui configuration exposes all files in the module | fastify-swagger-ui | CWE-1188 | 5.3 | Medium | 2024-01-15 |
| CVE-2023-51701 | @fastify-reply-from JSON Content-Type parsing confusion | fastify-reply-from | CWE-444 | 5.3 | Medium | 2024-01-08 |
| CVE-2023-29020 | Cross site request forgery token fixation in fastify-passport | fastify-passport | CWE-384 | 6.5 | Medium | 2023-04-21 |
| CVE-2023-29019 | Session fixation in fastify-passport | fastify-passport | CWE-384 | 8.1 | High | 2023-04-21 |
| CVE-2023-27495 | Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection | csrf-protection | CWE-352 | 5.3 | Medium | 2023-04-20 |
| CVE-2023-25576 | @fastify/multipart vulnerable to DoS due to unlimited number of parts | fastify-multipart | CWE-770 | 7.5 | High | 2023-02-14 |
| CVE-2022-41919 | Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type | fastify | CWE-352 | 4.2 | Medium | 2022-11-22 |
| CVE-2022-39386 | fastify-websocket vulnerable to uncaught exception via crash on malformed packet | fastify-websocket | CWE-248 | 7.5 | High | 2022-11-08 |
| CVE-2022-39288 | Denial of service in Fastify via Content-Type header | fastify | CWE-754 | 7.5 | High | 2022-10-10 |
| CVE-2022-31142 | Potential Timing Attack Vector in @fastify/bearer-auth | fastify-bearer-auth | CWE-208 | 7.5 | High | 2022-07-14 |
| CVE-2022-29220 | No verification of commits origin in github-action-merge-dependabot | github-action-merge-dependabot | CWE-283 | 6.5 | Medium | 2022-05-31 |
| CVE-2021-29624 | Lack of protection against cookie tossing attacks in fastify-csrf | fastify-csrf | CWE-565 | 6.5 | Medium | 2021-05-19 |
| CVE-2021-21321 | Prefix escape | fastify-reply-from | CWE-20 | 10.0 | Critical | 2021-03-02 |
| CVE-2021-21322 | Prefix escape | fastify-http-proxy | CWE-20 | 10.0 | Critical | 2021-03-02 |

This page lists every published CVE security advisory associated with fastify. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.