Fastify Security Vulnerabilities (CVEs)
Track 7 security vulnerabilities affecting Fastify products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
CVE-2025-66415 is an authorization bypass vulnerability in fastify-reply-from, a Fastify plugin for HTTP request forwarding. Attackers can craft malic...
Dec 1, 2025

CVE-2023-31999 is a CSRF vulnerability in @fastify/oauth2 where a static state parameter was reused across all users and requests, allowing attackers ...
Jul 4, 2023

CVE-2023-29019 is a session fixation vulnerability in @fastify/passport that allows attackers to hijack user sessions. Applications using @fastify/pas...
Apr 21, 2023

CVE-2023-25576 is a denial-of-service vulnerability in @fastify/multipart plugin where attackers can send unlimited multipart parts (files, fields, or...
Feb 14, 2023

This vulnerability in @fastify/bearer-auth allows attackers to perform timing attacks to estimate valid bearer token lengths, reducing the search spac...
Jul 14, 2022

This vulnerability in fastify-multipart allows attackers to crash Node.js applications by sending multipart form data with a 'name=constructor' proper...
Feb 11, 2022

A path traversal vulnerability in fastify-static module allows attackers to redirect Firefox users to arbitrary websites via crafted URLs containing d...
Oct 14, 2021

Why Monitor Fastify Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 7+ known vulnerabilities affecting Fastify products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Fastify packages in under 60 seconds. No agents required - completely agentless scanning that works across Fastify deployments.
Free vulnerability database: Access detailed information about every Fastify CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register a free account & add your servers
- Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Fastify CVEs affect your systems
- Access the dashboard with severity breakdown & fix instructions