Vulnerabilities > Fastify

DATE CVE VULNERABILITY TITLE RISK
2024-01-08 CVE-2023-51701 HTTP Request Smuggling vulnerability in Fastify Reply-From
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server.
network
low complexity
fastify CWE-444
7.5
2023-07-04 CVE-2023-31999 Cross-Site Request Forgery (CSRF) vulnerability in Fastify Oauth2
All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users.
network
low complexity
fastify CWE-352
8.8
2023-04-21 CVE-2023-29019 Session Fixation vulnerability in Fastify Passport
@fastify/passport is a port of passport authentication library for the Fastify ecosystem.
network
low complexity
fastify CWE-384
8.1
2023-04-21 CVE-2023-29020 Cross-Site Request Forgery (CSRF) vulnerability in Fastify Passport
@fastify/passport is a port of passport authentication library for the Fastify ecosystem.
network
low complexity
fastify CWE-352
6.5
2023-04-20 CVE-2023-27495 Cross-Site Request Forgery (CSRF) vulnerability in Fastify Csrf-Protection
@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks.
network
low complexity
fastify CWE-352
6.5
2023-02-14 CVE-2023-25576 Allocation of Resources Without Limits or Throttling vulnerability in Fastify Fastify-Multipart
@fastify/multipart is a Fastify plugin to parse the multipart content-type.
network
low complexity
fastify CWE-770
7.5
2022-11-22 CVE-2022-41919 Cross-Site Request Forgery (CSRF) vulnerability in Fastify
Fastify is a web framework with minimal overhead and plugin architecture.
network
low complexity
fastify CWE-352
8.8
2022-11-08 CVE-2022-39386 Unspecified vulnerability in Fastify Websocket
@fastify/websocket provides WebSocket support for Fastify.
network
low complexity
fastify
7.5
2022-10-10 CVE-2022-39288 Improper Check for Unusual or Exceptional Conditions vulnerability in Fastify
fastify is a fast and low overhead web framework, for Node.js.
network
low complexity
fastify CWE-754
7.5
2022-05-31 CVE-2022-29220 Insufficient Verification of Data Authenticity vulnerability in Fastify Github Action Merge Dependabot
github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs).
network
low complexity
fastify CWE-345
4.0