fastify

Top products

The 15 most recently published vulnerabilities affecting fastify.

• CVE-2026-7768@fastify/accepts-serializer vulnerable to Denial of Service via Unbounded Accept Header Cache Growth7.5May 4, 2026
• CVE-2026-33804@fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option7.4Apr 16, 2026
• CVE-2026-6270@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes9.1Apr 16, 2026
• CVE-2026-6410@fastify/static vulnerable to path traversal in directory listing5.3Apr 16, 2026
• CVE-2026-6414@fastify/static vulnerable to route guard bypass via encoded path separators5.9Apr 16, 2026
• CVE-2026-33805@fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers8.6Apr 15, 2026
• CVE-2026-33807@fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes9.1Apr 15, 2026
• CVE-2026-33808@fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)9.1Apr 15, 2026
• CVE-2026-33806fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header7.5Apr 15, 2026
• CVE-2026-3635Fastify request.protocol and request.host spoofable via X-Forwarded-Proto/Host from untrusted connections when trustProxy uses restrictive trust function6.1Mar 23, 2026
• CVE-2026-3419Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation5.3Mar 6, 2026
• CVE-2026-2880@fastify/middie has an improper path normalization vulnerability9.1Feb 27, 2026
• CVE-2026-25223Fastify's Content-Type header tab character allows body validation bypass7.5Feb 3, 2026
• CVE-2026-25224Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream3.7Feb 3, 2026
• CVE-2026-22037@fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)8.4Jan 19, 2026