GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
12 advisories
@fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option
High
CVE-2026-33804
was published
for
@fastify/middie
(npm)
Apr 16, 2026
Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header
High
CVE-2026-33806
was published
for
fastify
(npm)
Apr 15, 2026
Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression
High
CVE-2026-1526
was published
for
undici
(npm)
Mar 13, 2026
Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation
High
CVE-2026-2229
was published
for
undici
(npm)
Mar 13, 2026
Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
High
CVE-2026-1528
was published
for
undici
(npm)
Mar 13, 2026
@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware
High
CVE-2026-2880
was published
for
@fastify/middie
(npm)
Feb 28, 2026
@fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)
High
CVE-2026-22037
was published
for
@fastify/express
(npm)
Jan 20, 2026
Fastify Middie Middleware Path Bypass
High
CVE-2026-22031
was published
for
@fastify/middie
(npm)
Jan 20, 2026
Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass
High
CVE-2025-32442
was published
for
fastify
(npm)
Apr 18, 2025
find-my-way has a ReDoS vulnerability in multiparametric routes
High
CVE-2024-45813
was published
for
find-my-way
(npm)
Sep 18, 2024
@fastify/secure-session: Reuse of destroyed secure session cookie
High
CVE-2024-31999
was published
for
@fastify/secure-session
(npm)
Apr 10, 2024
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state
High
CVE-2023-31999
was published
for
@fastify/oauth2
(npm)
Jul 5, 2023
ProTip!
Advisories are also available from the
GraphQL API