GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state
High
CVE-2023-31999
was published
for
@fastify/oauth2
(npm)
Jul 5, 2023
Undici's cookie header not cleared on cross-origin redirect in fetch
Low
CVE-2023-45143
was published
for
undici
(npm)
Oct 16, 2023
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Low
CVE-2024-24758
was published
for
undici
(npm)
Feb 16, 2024
@fastify/secure-session: Reuse of destroyed secure session cookie
High
CVE-2024-31999
was published
for
@fastify/secure-session
(npm)
Apr 10, 2024
find-my-way has a ReDoS vulnerability in multiparametric routes
High
CVE-2024-45813
was published
for
find-my-way
(npm)
Sep 18, 2024
fetch(url) leads to a memory leak in undici
Moderate
CVE-2024-24750
was published
for
undici
(npm)
Feb 16, 2024
Use of Insufficiently Random Values in undici
Moderate
CVE-2025-22150
was published
for
undici
(npm)
Jan 21, 2025
undici Denial of Service attack via bad certificate data
Low
CVE-2025-47279
was published
for
undici
(npm)
May 15, 2025
Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass
High
CVE-2025-32442
was published
for
fastify
(npm)
Apr 18, 2025
Withdrawn Advisory: fast-redact vulnerable to prototype pollution
Low
CVE-2025-57319
was published
for
fast-redact
(npm)
Sep 24, 2025
•
withdrawn
Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
Low
CVE-2026-22036
was published
for
undici
(npm)
Jan 14, 2026
ProTip!
Advisories are also available from the
GraphQL API