pkg:npm/@fastify/express

3 total CVEsCRITICAL1HIGH1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.1CVE-2026-33807@fastify/express's middleware path doubling causes authentication bypass in child plugin scopes
    from 0, < 4.0.5
  • HIGH8.4CVE-2026-22037@fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)
    from 0, < 4.0.3
  • CVE-2026-33808@fastify/express has a middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)
    from 0, < 4.0.5