Vulnerabilities in feathersjs

5 results

CVE-2023-37899HIGHfeathersjs socket handler allows abusing implicit toStringEPSS 1.0%CVE-2026-29792CRITICALFeathersjs has an OAuth Callback Account TakeoverEPSS 0.5%CVE-2026-27193HIGHFeathers exposes internal headers via unencrypted session cookieEPSS 0.4%CVE-2026-27191HIGHFeathers: Open Redirect in OAuth callback enables account takeoverEPSS 0.3%CVE-2026-27192HIGHFeathers has an origin validation bypass via prefix matchingEPSS 0.2%