EUVD-2021-0698

Malware in sbrugna...

EUVD-2023-0723

Malicious code in bioql PyPI...

EUVD-2022-6214

Malicious code in bioql PyPI...

EUVD-2025-0118

Malicious code in bioql PyPI...

EUVD-2024-1716

Malicious code in bioql PyPI...

EUVD-2024-0427

Malicious code in bioql PyPI...

CVE-2024-22207

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

Exploit for CVE-2025-47240

Remote Code Execution via @fastify/view raw rendering Ve...

PT-2025-18960 · Unknown · Fastify/View

Name of the Vulnerable Software and Affected Versions: @fastify/view affected versions not specified Description: The issue concerns a potential Remote Code Execution RCE vulnerability in the @fastify/view plugin for Fastify, which allows the use of template engines for generating HTML pages on t...

CVE-2025-24033

@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the saveRequestFiles function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use...

CVE-2025-24033

CVE-2025-24033 affects the @fastify/multipart plugin. Prior to versions 8.3.1 and 9.0.3, the saveRequestFiles function does not delete uploaded temporary files when a user cancels a request, risking excessive disk usage. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use ...

CVE-2025-24033 @fastify/multipart vulnerable to unlimited consumption of resources

@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the saveRequestFiles function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use...

CVE-2024-22207 Default swagger-ui configuration exposes all files in the module

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

CVE-2023-27495 Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection

@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions...

Fastify Fastify-csrf 跨站请求伪造漏洞

Fastify Fastify-csrf is a Fastify community based on Javascript can provide CSRF protection for Fastify plugin . A cross-site request forgery vulnerability exists in Fastify Fastify-csrf. An attacker can exploit this vulnerability to bypass the cross-site request forgery protection mechanism...

CVE-2022-31142 Potential Timing Attack Vector in @fastify/bearer-auth

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750,...

@wmfs/tymly-fastify-plugin (>=1.57.0 <=1.59.0), homebridge-config-ui-x (>=4.41.4 <=4.43.0-test.2) potentially affected by CVE-2020-8136 +1 more via fastify-multipart (>=5.2.1 <=5.3.0)

fastify-multipart NPM version =5.2.1, =1.57.0, =4.41.4, =4.43.0-test.2 Source cves: CVE-2020-8136, CVE-2021-23597 Source advisory: SNYK:JS-FASTIFYMULTIPART-2395480...

@wmfs/tymly-fastify-plugin (>=1.50.0 <=1.51.0), egg-bag (>=1.44.43 <=1.45.11) potentially affected by CVE-2021-22964 via fastify-static (>=4.2.4 <=4.4.0)

fastify-static NPM version =4.2.4, =1.50.0, =1.44.43, =1.45.11 Source cves: CVE-2021-22964 Source advisory: OSV:GHSA-PGH6-M65R-2RHQ...

CVE-2021-21321

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server i...

CVE-2021-21321

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server i...