GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression
High
CVE-2026-1526
was published
for
undici
(npm)
Mar 13, 2026
Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation
High
CVE-2026-2229
was published
for
undici
(npm)
Mar 13, 2026
Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
High
CVE-2026-1528
was published
for
undici
(npm)
Mar 13, 2026
@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware
High
CVE-2026-2880
was published
for
@fastify/middie
(npm)
Feb 28, 2026
@fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)
High
CVE-2026-22037
was published
for
@fastify/express
(npm)
Jan 20, 2026
Fastify Middie Middleware Path Bypass
High
CVE-2026-22031
was published
for
@fastify/middie
(npm)
Jan 20, 2026
Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass
High
CVE-2025-32442
was published
for
fastify
(npm)
Apr 18, 2025
find-my-way has a ReDoS vulnerability in multiparametric routes
High
CVE-2024-45813
was published
for
find-my-way
(npm)
Sep 18, 2024
@fastify/secure-session: Reuse of destroyed secure session cookie
High
CVE-2024-31999
was published
for
@fastify/secure-session
(npm)
Apr 10, 2024
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state
High
CVE-2023-31999
was published
for
@fastify/oauth2
(npm)
Jul 5, 2023
ProTip!
Advisories are also available from the
GraphQL API