fastify Latest Vulnerabilities

Latest vulnerabilities published by fastify

JSON RSS CSV 🔔 Create Alert Trigger

15 April 2026

Vulnerability in Fastify Applications Affecting Content-Type Validation
CVE-2026-33806
FastifyFastify7.5HIGH

23 March 2026

Spoofing Vulnerability in Fastify Framework by Fastify Team
CVE-2026-3635
FastifyFastify6.1MEDIUM

6 March 2026

Fastify Malformed Content-Type Header Vulnerability - Fastify
CVE-2026-3419
FastifyFastify5.3MEDIUM

3 February 2026

Validation Bypass Vulnerability in Fastify Web Framework for Node.js
CVE-2026-25223
FastifyFastify7.5HIGH
Denial-of-Service Vulnerability in Fastify Web Framework for Node.js
CVE-2026-25224
FastifyFastify3.7LOW

19 January 2026

1 December 2025

Unauthenticated Route Access in Fastify Reply From Plugin
CVE-2025-66415
FastifyFastify-reply-from6.9MEDIUM

18 April 2025

Validation Bypass in Fastify Web Framework Affecting Node.js Applications
CVE-2025-32442
FastifyFastify7.5HIGH

23 January 2025

Improper Temporary File Management in Fastify Multipart Plugin
CVE-2025-24033
FastifyFastify-multipart7.5HIGH

21 May 2024

Session Cookie Hijacking Vulnerability in Fastify Session Plugin by Fastify
CVE-2024-35220
Fastify@fastify/session

10 April 2024

Festify Secure Session Plugin Patches Issue Allowing Unlimited Session Renewal
CVE-2024-31999
FastifyFastify-secure-session7.4HIGH

15 January 2024

Default swagger-ui configuration exposes all files in the module
CVE-2024-22207
FastifyFastify-swagger-uiEPSS 14%5.3MEDIUM

8 January 2024

Security Bypass in Fastify Plugin for HTTP Request Forwarding from Fastify
CVE-2023-51701
FastifyFastify-reply-from5.3MEDIUM

21 April 2023

20 April 2023

Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection
CVE-2023-27495
FastifyCsrf-protection5.3MEDIUM

14 February 2023

@fastify/multipart vulnerable to DoS due to unlimited number of parts
CVE-2023-25576
FastifyFastify-multipart7.5HIGH

22 November 2022

Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type
CVE-2022-41919
FastifyFastify4.2MEDIUM

8 November 2022

fastify-websocket vulnerable to uncaught exception via crash on malformed packet
CVE-2022-39386
FastifyFastify-websocket7.5HIGH

10 October 2022

Denial of service in Fastify via Content-Type header
CVE-2022-39288
FastifyFastify7.5HIGH

14 July 2022

Potential Timing Attack Vector in @fastify/bearer-auth
CVE-2022-31142
FastifyFastify-bearer-auth7.5HIGH

31 May 2022

No verification of commits origin in github-action-merge-dependabot
CVE-2022-29220
FastifyGithub-action-merge-de...6.5MEDIUM

11 February 2022

Denial of Service (DoS)
CVE-2021-23597
FastifyFastify-multipart7.5HIGH

14 October 2021

Redirect Vulnerability in Fastify-Static Module by Fastify
CVE-2021-22963
FastifyHttps://github.com/fas...6.1MEDIUM