| CVE-2026-33806 |
unknown |
— |
— |
|
|
|
1mo ago |
Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header |
| CVE-2026-3635 |
unknown |
— |
— |
|
|
|
2mo ago |
fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections |
| CVE-2026-3419 |
unknown |
— |
— |
|
|
|
3mo ago |
Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation |
| CVE-2026-25224 |
unknown |
— |
— |
|
|
|
4mo ago |
Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream |
| CVE-2026-25223 |
unknown |
— |
— |
|
|
|
4mo ago |
Fastify's Content-Type header tab character allows body validation bypass |
| CVE-2025-32442 |
unknown |
— |
— |
|
|
|
1y ago |
Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass |
| CVE-2022-41919 |
unknown |
— |
— |
|
|
|
4y ago |
Fastify: Incorrect Content-Type parsing can lead to CSRF attack |
| CVE-2022-39288 |
unknown |
— |
— |
|
|
|
4y ago |
fastify vulnerable to denial of service via malicious Content-Type |
| CVE-2020-8192 |
unknown |
— |
— |
|
|
|
6y ago |
Denial of service in fastify |
| CVE-2018-3711 |
unknown |
— |
— |
|
|
|
8y ago |
Denial of Service vulnerability with large JSON payloads in fastify |