Lookup for vulnerable packages by Package URL.

Purl pkg:npm/fastify@0.25.1
Type npm
Namespace
Name fastify
Version 0.25.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.8.5
Latest_non_vulnerable_version 5.8.5
Affected_by_vulnerabilities
0
url VCID-4pu6-91xp-kud3
vulnerability_id VCID-4pu6-91xp-kud3
summary Denial of Service vulnerability with large JSON payloads in fastify
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-3711
reference_id
reference_type
scores
0
value 0.00331
scoring_system epss
scoring_elements 0.56415
published_at 2026-06-11T12:55:00Z
1
value 0.00331
scoring_system epss
scoring_elements 0.56534
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-3711
1
reference_url https://github.com/fastify/fastify/commit/fabd2a011f2ffbb877394abe699f549513ffbd76
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/fastify/fastify/commit/fabd2a011f2ffbb877394abe699f549513ffbd76
2
reference_url https://github.com/fastify/fastify/pull/627
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/fastify/fastify/pull/627
3
reference_url https://github.com/fastify/fastify/releases/tag/v0.38.0
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3
scoring_elements
url https://github.com/fastify/fastify/releases/tag/v0.38.0
4
reference_url https://hackerone.com/reports/303632
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/303632
5
reference_url https://www.npmjs.com/advisories/564
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/564
6
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/364.json
reference_id 364
reference_type
scores
0
value 9.3
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/364.json
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-3711
reference_id CVE-2018-3711
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-3711
8
reference_url https://github.com/advisories/GHSA-mq6c-fh97-4gwv
reference_id GHSA-mq6c-fh97-4gwv
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-mq6c-fh97-4gwv
fixed_packages
0
url pkg:npm/fastify@0.38.0
purl pkg:npm/fastify@0.38.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ht9-gg8u-9qax
1
vulnerability VCID-8p2p-977a-qqb6
2
vulnerability VCID-f1g6-gvqq-6kbf
3
vulnerability VCID-g4ar-bpke-2qc2
4
vulnerability VCID-t6pc-rnnq-g3gv
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/fastify@0.38.0
aliases CVE-2018-3711, GHSA-mq6c-fh97-4gwv
risk_score 4.2
exploitability 0.5
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4pu6-91xp-kud3
1
url VCID-6ht9-gg8u-9qax
vulnerability_id VCID-6ht9-gg8u-9qax
summary Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream (or Response with a Web Stream body) via reply.send() are impacted. A slow or non-reading client can trigger unbounded buffering when backpressure is ignored, leading to process crashes or severe degradation. This issue has been patched in version 5.7.3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25224.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25224.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25224
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05706
published_at 2026-06-12T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.0568
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25224
2
reference_url https://github.com/fastify/fastify
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/fastify/fastify
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436557
reference_id 2436557
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436557
4
reference_url https://hackerone.com/reports/3524779
reference_id 3524779
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T16:20:26Z/
url https://hackerone.com/reports/3524779
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25224
reference_id CVE-2026-25224
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25224
6
reference_url https://github.com/fastify/fastify/commit/eb11156396f6a5fedaceed0140aed2b7f026be37
reference_id eb11156396f6a5fedaceed0140aed2b7f026be37
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T16:20:26Z/
url https://github.com/fastify/fastify/commit/eb11156396f6a5fedaceed0140aed2b7f026be37
7
reference_url https://github.com/advisories/GHSA-mrq3-vjjr-p77c
reference_id GHSA-mrq3-vjjr-p77c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrq3-vjjr-p77c
8
reference_url https://github.com/fastify/fastify/security/advisories/GHSA-mrq3-vjjr-p77c
reference_id GHSA-mrq3-vjjr-p77c
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T16:20:26Z/
url https://github.com/fastify/fastify/security/advisories/GHSA-mrq3-vjjr-p77c
fixed_packages
0
url pkg:npm/fastify@5.7.3
purl pkg:npm/fastify@5.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64tj-czqk-gyf1
1
vulnerability VCID-g4ar-bpke-2qc2
2
vulnerability VCID-mjfs-h1jx-2yar
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/fastify@5.7.3
aliases CVE-2026-25224, GHSA-mrq3-vjjr-p77c
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ht9-gg8u-9qax
2
url VCID-8p2p-977a-qqb6
vulnerability_id VCID-8p2p-977a-qqb6
summary Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. This issue has been patched in version 5.7.2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25223.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25223.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25223
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06297
published_at 2026-06-12T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06277
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25223
2
reference_url https://github.com/fastify/fastify
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/fastify/fastify
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436560
reference_id 2436560
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436560
4
reference_url https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821
reference_id 32d7b6add39ddf082d92579a58bea7018c5ac821
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T21:18:10Z/
url https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821
5
reference_url https://hackerone.com/reports/3464114
reference_id 3464114
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T21:18:10Z/
url https://hackerone.com/reports/3464114
6
reference_url https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125
reference_id content-type-parser.js#L125
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T21:18:10Z/
url https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25223
reference_id CVE-2026-25223
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25223
8
reference_url https://github.com/advisories/GHSA-jx2c-rxcm-jvmq
reference_id GHSA-jx2c-rxcm-jvmq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jx2c-rxcm-jvmq
9
reference_url https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq
reference_id GHSA-jx2c-rxcm-jvmq
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T21:18:10Z/
url https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq
10
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
11
reference_url https://access.redhat.com/errata/RHSA-2026:5807
reference_id RHSA-2026:5807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5807
12
reference_url https://access.redhat.com/errata/RHSA-2026:6192
reference_id RHSA-2026:6192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6192
13
reference_url https://fastify.dev/docs/latest/Reference/Validation-and-Serialization
reference_id Validation-and-Serialization
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T21:18:10Z/
url https://fastify.dev/docs/latest/Reference/Validation-and-Serialization
14
reference_url https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272
reference_id validation.js#L272
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T21:18:10Z/
url https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272
fixed_packages
0
url pkg:npm/fastify@5.7.2
purl pkg:npm/fastify@5.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64tj-czqk-gyf1
1
vulnerability VCID-6ht9-gg8u-9qax
2
vulnerability VCID-g4ar-bpke-2qc2
3
vulnerability VCID-mjfs-h1jx-2yar
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/fastify@5.7.2
aliases CVE-2026-25223, GHSA-jx2c-rxcm-jvmq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8p2p-977a-qqb6
3
url VCID-f1g6-gvqq-6kbf
vulnerability_id VCID-f1g6-gvqq-6kbf
summary fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out http content with malicious Content-Type headers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39288
reference_id
reference_type
scores
0
value 0.04685
scoring_system epss
scoring_elements 0.89614
published_at 2026-06-12T12:55:00Z
1
value 0.04685
scoring_system epss
scoring_elements 0.8958
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39288
1
reference_url https://github.com/fastify/fastify
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/fastify/fastify
2
reference_url https://hackerone.com/bugs?report_id=1715536&subject=fastify
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/bugs?report_id=1715536&subject=fastify
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39288
reference_id CVE-2022-39288
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39288
4
reference_url https://github.com/fastify/fastify/commit/fbb07e8dfad74c69cd4cd2211aedab87194618e3
reference_id fbb07e8dfad74c69cd4cd2211aedab87194618e3
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:15Z/
url https://github.com/fastify/fastify/commit/fbb07e8dfad74c69cd4cd2211aedab87194618e3
5
reference_url https://github.com/advisories/GHSA-455w-c45v-86rg
reference_id GHSA-455w-c45v-86rg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-455w-c45v-86rg
6
reference_url https://github.com/fastify/fastify/security/advisories/GHSA-455w-c45v-86rg
reference_id GHSA-455w-c45v-86rg
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:15Z/
url https://github.com/fastify/fastify/security/advisories/GHSA-455w-c45v-86rg
7
reference_url https://github.com/fastify/fastify/security/policy
reference_id policy
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:15Z/
url https://github.com/fastify/fastify/security/policy
fixed_packages
0
url pkg:npm/fastify@4.8.1
purl pkg:npm/fastify@4.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ht9-gg8u-9qax
1
vulnerability VCID-8p2p-977a-qqb6
2
vulnerability VCID-g4ar-bpke-2qc2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/fastify@4.8.1
aliases CVE-2022-39288, GHSA-455w-c45v-86rg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1g6-gvqq-6kbf
4
url VCID-g4ar-bpke-2qc2
vulnerability_id VCID-g4ar-bpke-2qc2
summary
Summary
When trustProxy is configured with a restrictive trust function (e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom function), the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection — including connections from untrusted IPs. This allows an attacker connecting directly to Fastify (bypassing the proxy) to spoof both the protocol and host seen by the application.

Affected Versions
fastify <= 5.8.2

Impact
Applications using request.protocol or request.host for security decisions (HTTPS enforcement, secure cookie flags, CSRF origin checks, URL construction, host-based routing) are affected when trustProxy is configured with a restrictive trust function.

When trustProxy: true (trust everything), both host and protocol trust all forwarded headers — this is expected behavior. The vulnerability only manifests with restrictive trust configurations.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3635.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3635.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3635
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01851
published_at 2026-06-12T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01849
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3635
2
reference_url https://github.com/fastify/fastify
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/fastify/fastify
3
reference_url https://github.com/fastify/fastify/releases/tag/v5.8.3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/fastify/fastify/releases/tag/v5.8.3
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3635
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3635
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450330
reference_id 2450330
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450330
6
reference_url https://www.cve.org/CVERecord?id=CVE-2026-3635
reference_id CVERecord?id=CVE-2026-3635
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:29:15Z/
url https://www.cve.org/CVERecord?id=CVE-2026-3635
7
reference_url https://github.com/advisories/GHSA-444r-cwp2-x5xf
reference_id GHSA-444r-cwp2-x5xf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-444r-cwp2-x5xf
8
reference_url https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf
reference_id GHSA-444r-cwp2-x5xf
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:29:15Z/
url https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf
9
reference_url https://cna.openjsf.org/security-advisories.html
reference_id security-advisories.html
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:29:15Z/
url https://cna.openjsf.org/security-advisories.html
fixed_packages
0
url pkg:npm/fastify@5.8.3
purl pkg:npm/fastify@5.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64tj-czqk-gyf1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/fastify@5.8.3
aliases CVE-2026-3635, GHSA-444r-cwp2-x5xf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g4ar-bpke-2qc2
5
url VCID-t6pc-rnnq-g3gv
vulnerability_id VCID-t6pc-rnnq-g3gv
summary Denial of service in fastify
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8192
reference_id
reference_type
scores
0
value 0.00383
scoring_system epss
scoring_elements 0.60024
published_at 2026-06-11T12:55:00Z
1
value 0.00383
scoring_system epss
scoring_elements 0.60131
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8192
1
reference_url https://github.com/fastify/fastify/commit/74c3157ca90c3ffed9e4434f63c2017471ec970e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/fastify/fastify/commit/74c3157ca90c3ffed9e4434f63c2017471ec970e
2
reference_url https://hackerone.com/reports/903521
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/903521
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8192
reference_id CVE-2020-8192
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8192
4
reference_url https://github.com/advisories/GHSA-xw5p-hw6r-2j98
reference_id GHSA-xw5p-hw6r-2j98
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xw5p-hw6r-2j98
fixed_packages
0
url pkg:npm/fastify@2.15.1
purl pkg:npm/fastify@2.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ht9-gg8u-9qax
1
vulnerability VCID-8p2p-977a-qqb6
2
vulnerability VCID-f1g6-gvqq-6kbf
3
vulnerability VCID-g4ar-bpke-2qc2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/fastify@2.15.1
1
url pkg:npm/fastify@3.0.0
purl pkg:npm/fastify@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ht9-gg8u-9qax
1
vulnerability VCID-8p2p-977a-qqb6
2
vulnerability VCID-f1g6-gvqq-6kbf
3
vulnerability VCID-g4ar-bpke-2qc2
4
vulnerability VCID-gmrs-ecv5-6kgm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/fastify@3.0.0
aliases CVE-2020-8192, GHSA-xw5p-hw6r-2j98
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t6pc-rnnq-g3gv
Fixing_vulnerabilities
Risk_score 4.2
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/fastify@0.25.1