pkg:npm/fastify

所有已知漏洞

• HIGH7.5CVE-2026-33806Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header
  >= 5.3.2, < 5.8.5
• HIGH7.5CVE-2026-25223Fastify's Content-Type header tab character allows body validation bypass
  from 0, < 5.7.2
• HIGH7.5CVE-2025-32442Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass
  >= 5.0.0, < 5.3.2
• HIGH7.5CVE-2022-39288fastify vulnerable to denial of service via malicious Content-Type
  >= 4.0.0, < 4.8.1
• HIGH7.5CVE-2018-3711Denial of Service vulnerability with large JSON payloads in fastify
  from 0, < 0.38.0
• MEDIUM6.1CVE-2026-3635fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections
  from 0, < 5.8.3
• MEDIUM5.3CVE-2026-3419Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
  >= 5.7.2, < 5.8.1
• MEDIUM4.2CVE-2022-41919Fastify: Incorrect Content-Type parsing can lead to CSRF attack
  >= 4.0.0, < 4.10.2
• LOW3.7CVE-2026-25224Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
  from 0, < 5.7.3
• —CVE-2020-8192Denial of service in fastify
  from 0, < 2.15.1