Vulnerabilidades em fastify
28 resultadosCVE-2022-39288HIGHDenial of service in Fastify via Content-Type headerEPSS 59.2%CVE-2024-22207MEDIUMDefault swagger-ui configuration exposes all files in the moduleEPSS 2.0%CVE-2021-21322CRITICALPrefix escapeEPSS 1.9%CVE-2021-21321CRITICALPrefix escapeEPSS 1.8%CVE-2023-25576HIGH@fastify/multipart vulnerable to DoS due to unlimited number of partsEPSS 1.5%CVE-2022-31142HIGHPotential Timing Attack Vector in @fastify/bearer-authEPSS 1.2%CVE-2021-29624MEDIUMLack of protection against cookie tossing attacks in fastify-csrfEPSS 0.8%CVE-2023-29019HIGHSession fixation in fastify-passportEPSS 0.8%CVE-2022-39386HIGHfastify-websocket vulnerable to uncaught exception via crash on malformed packetEPSS 0.7%CVE-2025-32442HIGHFastify vulnerable to invalid content-type parsing, which could lead to validation bypassEPSS 0.6%CVE-2024-31999HIGH@fastify/secure-session: Reuse of destroyed secure session cookieEPSS 0.6%CVE-2025-24033HIGH@fastify/multipart vulnerable to unlimited consumption of resourcesEPSS 0.6%CVE-2026-25223HIGHFastify's Content-Type header tab character allows body validation bypassEPSS 0.5%CVE-2026-25224LOWFastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStreamEPSS 0.5%CVE-2026-33808CRITICAL@fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)EPSS 0.5%CVE-2023-51701MEDIUM@fastify-reply-from JSON Content-Type parsing confusionEPSS 0.5%CVE-2026-22031HIGHFastify Middie Middleware Path BypassEPSS 0.5%CVE-2022-29220MEDIUMNo verification of commits origin in github-action-merge-dependabotEPSS 0.5%CVE-2024-35220HIGH@fastify/session reuses destroyed session cookieEPSS 0.4%CVE-2026-33807CRITICAL@fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopesEPSS 0.4%