30 matches found
@amedia/brick-mcp (>=0.0.0-vBRAND-20260313141110 <=1.0.3), @area15/ticket-component (=0.1.0) +217 more potentially affected by CVE-2025-32442 +1 more via fastify (>=5.3.2 <=5.8.4)
fastify NPM version =5.3.2, =0.0.0-vBRAND-20260313141110, =2.0.1, =1.1.1, =0.6.2, =0.1.1, =0.1.1, =0.6.0, =0.1.1, =0.0.35, =0.0.82, =0.0.1, =0.0.6, =0.1.68, =0.1.0, =0.8.2 and more Source cves: CVE-2025-32442, CVE-2026-33806 Source advisory: OSV:GHSA-247C-9743-5963...
0uth (>=1.0.5 <=1.2.1), @___d/common (>=1.0.3 <=1.0.27) +2489 more potentially affected by CVE-2026-33806 via fastify (>=4.29.0 <=5.8.4)
fastify NPM version =4.29.0, =1.0.5, =1.0.3, =0.0.3, =1.0.0, =3.0.0, =0.1.0, =0.0.1, =0.1.0, =2.0.0, =1.0.1, =1.6.2, =1.0.3, =0.3.3, =0.7.3 and more Source cves: CVE-2026-33806 Source advisory: SNYK:JS-FASTIFY-16066793...
Improper Validation of Specified Type of Input
Overview: fastify is a fast and low overhead web framework, for Node.js. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via schema.body.content when a space is prepended to the Content-Type header. An attacker can bypass input validation by sending...
Use of Less Trusted Source
Overview: fastify is a fast and low overhead web framework, for Node.js. Affected versions of this package are vulnerable to Use of Less Trusted Source in the request.protocol and request.host getters. An attacker can manipulate the perceived protocol and host by sending crafted X-Forwarded-Proto and...
Fastify Security Vulnerability
Fastify is an open-source web framework developed by Fastify. Versions of Fastify 5.8.2 and earlier contain security vulnerabilities. These vulnerabilities arise when the trustProxy is configured as a restrictive trust function, allowing request.protocol and request.host to read the...
CVE-2026-3419 Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
Fastify incorrectly accepts malformed Content-Type headers containing trailing characters after the subtype token, in violation of RFC 9110 §8.3.1 (https://httpwg.org/specs/rfc9110.html#field.content-type). For example, a request sent with Content-Type: application/json garbage passes validation and ...
CVE-2026-3419
CVE-2026-3419 (Fastify): A flaw allows RFC-invalid Content-Type headers with trailing characters to bypass validation and reach content-type parsers, potentially causing misinterpretation of requests. This affects Fastify's handling of Content-Type header parsing, including regex-based parsers, ...
@amedia/brick-mcp (>=0.0.0-vSNAPSHOT-20260217144000 <=1.0.0), @area15/ticket-component (=0.1.0) +108 more potentially affected by CVE-2026-3419 via fastify (>=5.7.2 <=5.7.4)
fastify NPM version =5.7.2, =0.0.0-vSNAPSHOT-20260217144000, =0.5.2, =0.5.2, =0.5.2, =0.5.2, =0.2.11, =2.4.2-next.143, =2.4.2-next.143, =2.4.2-next.143, =2.4.2-next.143, =2.11.6, =5.1.19, =2.21.2, =2.21.2, =2.21.3 and more Source cves: CVE-2026-3419 Source advisory: SNYK:JS-FASTIFY-15428269...
@amedia/brick-mcp (>=0.0.0-vSNAPSHOT-20260217144000 <=1.0.0), @area15/ticket-component (=0.1.0) +108 more potentially affected by CVE-2026-3419 via fastify (>=5.7.2 <=5.7.4)
fastify NPM version =5.7.2, =0.0.0-vSNAPSHOT-20260217144000, =0.5.2, =0.5.2, =0.5.2, =0.5.2, =0.2.11, =2.4.2-next.143, =2.4.2-next.143, =2.4.2-next.143, =2.4.2-next.143, =2.11.6, =5.1.19, =2.21.2, =2.21.2, =2.21.3 and more Source cves: CVE-2026-3419 Source advisory: OSV:GHSA-573F-X89G-HQP9...
CVE-2026-25224
A flaw was found in Fastify. A remote client can exploit this denial-of-service vulnerability by sending a slow or non-reading request when the application returns a ReadableStream or Response with a Web Stream body via reply.send. This can lead to unbounded buffering, exhausting server memory. T...
CVE-2026-25223 Fastify's Content-Type header tab character allows body validation bypass
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content ...
@amedia/brick-mcp (>=0.0.0-vEXPORT-20260113150210 <=0.1.5), @andesite-lab/andesite-core (=1.60.2) +260 more potentially affected by CVE-2026-25224 via fastify (>=5.0.0-alpha.2 <=5.7.2)
fastify NPM version =5.0.0-alpha.2, =0.0.0-vEXPORT-20260113150210, =2.0.1, =1.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.35, =0.0.82, =0.0.1, =0.0.6, =0.1.68, =6.0.0, =0.2.305, =1.0.6, =1.0.22 and more Source cves: CVE-2026-25224 Source advisory: SNYK:JS-FASTIFY-15182641...
GHSA-MRQ3-VJJR-P77C Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Impact: A Denial of Service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via reply.send are impacted. A slow or non-reading client can trigger unbounded...
03-api-solid (>=1.0.0 <=1.1.2), 0uth (>=1.0.5 <=1.2.1) +3727 more potentially affected by CVE-2026-25223 via fastify (>=0.21.0 <=5.7.1)
fastify NPM version =0.21.0, =1.0.0, =1.0.5, =1.0.0, =1.0.0, =0.0.0, =0.0.1, =1.0.3, =0.0.1, =0.1.66, =0.5.0, =1.3.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-canary.2 and more Source cves: CVE-2026-25223 Source advisory: OSV:GHSA-JX2C-RXCM-JVMQ...
@amedia/brick-mcp (>=0.0.0-vEXPORT-20260113150210 <=0.1.5), @andesite-lab/andesite-core (=1.60.2) +259 more potentially affected by CVE-2026-25223 via fastify (>=5.0.0-alpha.2 <=5.7.1)
fastify NPM version =5.0.0-alpha.2, =0.0.0-vEXPORT-20260113150210, =2.0.1, =1.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.35, =0.0.82, =0.0.1, =0.0.6, =0.1.68, =6.0.0, =0.2.305, =1.0.6, =1.0.22 and more Source cves: CVE-2026-25223 Source advisory: SNYK:JS-FASTIFY-15182642...
EUVD-2020-0654
Malware in sbrugna...
EUVD-2023-0446
Malicious code in bioql PyPI...
Security Bulletin: Vulnerabilities in Fastify affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary: Potential vulnerability in Fastify has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2025-32442 DESCRIPTION: Fastify ...
CVE-2025-32442 Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass
Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a slightly altered content type such as...