Known Vulnerabilities for products from Fastify
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Fastify".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-42353 json | Not Provided | 2026-05-08 | 2026-05-08 | |
| CVE-2026-41690 json | Not Provided | 2026-05-08 | 2026-05-08 | |
| CVE-2026-41683 json | Not Provided | 2026-05-08 | 2026-05-08 | |
| CVE-2026-34076 json | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-33808 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-33807 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-33806 json | Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed ent... | Not Provided | 2026-04-15 | 2026-04-17 |
| CVE-2026-33805 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-33804 json | Not Provided | 2026-04-16 | 2026-04-16 | |
| CVE-2026-7768 json | Not Provided | 2026-05-04 | 2026-05-04 | |
| CVE-2026-6414 json | @fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before filesystem resolution, while... | Not Provided | 2026-04-16 | 2026-04-23 |
| CVE-2026-6410 json | @fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The ... | Not Provided | 2026-04-16 | 2026-04-23 |
| CVE-2026-3635 json | Summary When trustProxy is configured with a restrictive trust function (e.g., a specific IP like trustProxy: '10.0.0.1', a s... | Not Provided | 2026-03-23 | 2026-04-16 |
| CVE-2023-31999 json | All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests... | 8.8 - HIGH | 2023-07-04 | 2023-07-17 |
| CVE-2023-29020 json | @fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger... | 6.5 - MEDIUM | 2023-04-21 | 2023-05-03 |
| CVE-2023-29019 json | @fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passpo... | 8.1 - HIGH | 2023-04-21 | 2023-05-04 |
| CVE-2023-27495 json | @fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced b... | 6.5 - MEDIUM | 2023-04-20 | 2023-05-02 |
| CVE-2023-25576 json | @fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multi... | 7.5 - HIGH | 2023-02-14 | 2023-02-22 |
| CVE-2022-41919 json | Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` t... | 8.8 - HIGH | 2022-11-22 | 2023-11-07 |
| CVE-2022-39386 json | @fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific... | 7.5 - HIGH | 2022-11-08 | 2022-11-09 |
Known software with vulnerabilities from Fastify
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Fastify | Fastify | 0.1.0 |
| Application | Fastify | Fastify-csrf | 1.0.0 |
| Application | Fastify | Fastify-multipart | 0.1.0 |