Live data from GitHub and npm, updated daily.
Data last fetched: 2026-05-15
10 active CVEs reported via OSV.dev
Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections
fastify vulnerable to denial of service via malicious Content-Type
Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
Fastify's Content-Type header tab character allows body validation bypass
Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass
Denial of Service vulnerability with large JSON payloads in fastify
Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Denial of service in fastify
Other Web Framework projects in the Node.js ecosystem worth evaluating.
Get SLA-backed support, security patches, and direct access to senior engineers for Fastify โ without relying on volunteer maintainers.
Talk to an Expert โ