Known Vulnerabilities for products from Fastify
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Fastify".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34076 json | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-33808 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-33807 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-33806 json | Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed ent... | Not Provided | 2026-04-15 | 2026-04-17 |
| CVE-2026-33805 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-33804 json | Not Provided | 2026-04-16 | 2026-04-16 | |
| CVE-2026-6414 json | Not Provided | 2026-04-16 | 2026-04-16 | |
| CVE-2026-6410 json | Not Provided | 2026-04-16 | 2026-04-16 | |
| CVE-2026-6270 json | Not Provided | 2026-04-16 | 2026-04-16 | |
| CVE-2026-3635 json | Summary When trustProxy is configured with a restrictive trust function (e.g., a specific IP like trustProxy: '10.0.0.1', a s... | Not Provided | 2026-03-23 | 2026-04-16 |
| CVE-2023-31999 json | All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests... | 8.8 - HIGH | 2023-07-04 | 2023-07-17 |
| CVE-2023-29020 json | @fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger... | 6.5 - MEDIUM | 2023-04-21 | 2023-05-03 |
| CVE-2023-29019 json | @fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passpo... | 8.1 - HIGH | 2023-04-21 | 2023-05-04 |
| CVE-2023-27495 json | @fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced b... | 6.5 - MEDIUM | 2023-04-20 | 2023-05-02 |
| CVE-2023-25576 json | @fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multi... | 7.5 - HIGH | 2023-02-14 | 2023-02-22 |
| CVE-2022-41919 json | Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` t... | 8.8 - HIGH | 2022-11-22 | 2023-11-07 |
| CVE-2022-39386 json | @fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific... | 7.5 - HIGH | 2022-11-08 | 2022-11-09 |
| CVE-2022-39288 json | fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of servic... | 7.5 - HIGH | 2022-10-10 | 2022-10-12 |
| CVE-2022-31142 json | @fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.... | 7.5 - HIGH | 2022-07-14 | 2022-07-20 |
| CVE-2022-29220 json | github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to v... | 6.5 - MEDIUM | 2022-05-31 | 2022-06-15 |
Known software with vulnerabilities from Fastify
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Fastify | Fastify | 0.1.0 |
| Application | Fastify | Fastify-csrf | 1.0.0 |
| Application | Fastify | Fastify-multipart | 0.1.0 |