@fastify/express
This hub aggregates every CVE we track for @fastify/express, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
3
CVEs tracked
2
Critical
1
High
0
In CISA KEV
Severity distribution
CRITICAL2HIGH1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
2
0
0
2024-072026-06
Latest CVEs
The 3 most recently published vulnerabilities affecting @fastify/express.
- CVE-2026-33807@fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes9.1
- CVE-2026-33808@fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)9.1
- CVE-2026-22037@fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)8.4
Product normalization is registry-driven with AI assist and human review. How it works