Search for packages
| purl | pkg:npm/http-proxy-middleware@3.0.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-deza-pf5q-cqfy
Aliases: CVE-2025-32997 GHSA-9gqv-wp59-fq42 |
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. |
Affected by 0 other vulnerabilities. |
|
VCID-ff18-akd9-ebhu
Aliases: CVE-2025-32996 GHSA-4www-5p9h-95mh |
In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-aeuz-jzwr-zucw | Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. |
CVE-2024-21536
GHSA-c7qv-q95q-8v27 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T19:59:09.189207+00:00 | GitLab Importer | Affected by | VCID-ff18-akd9-ebhu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/http-proxy-middleware/CVE-2025-32996.yml | 38.6.0 |
| 2026-06-12T19:59:08.043765+00:00 | GitLab Importer | Affected by | VCID-deza-pf5q-cqfy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/http-proxy-middleware/CVE-2025-32997.yml | 38.6.0 |
| 2026-06-12T19:44:15.493855+00:00 | GitLab Importer | Fixing | VCID-aeuz-jzwr-zucw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/http-proxy-middleware/CVE-2024-21536.yml | 38.6.0 |
| 2026-06-12T07:40:13.991535+00:00 | GithubOSV Importer | Fixing | VCID-aeuz-jzwr-zucw | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-c7qv-q95q-8v27/GHSA-c7qv-q95q-8v27.json | 38.6.0 |