Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/fastify@4.8.0
Typenpm
Namespace
Namefastify
Version4.8.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.8.5
Latest_non_vulnerable_version5.8.5
Affected_by_vulnerabilities
0
url VCID-2bqg-g3xd-tyd4
vulnerability_id VCID-2bqg-g3xd-tyd4
summary 
Fastify's Content-Type header tab character allows body validation bypass
A validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (`\t`) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type.

For example, a request with `Content-Type: application/json\ta` will bypass JSON schema validation but still be parsed as JSON.

This vulnerability affects all Fastify users who rely on Content-Type-based body validation schemas to enforce data integrity or security constraints. The concrete impact depends on the handler implementation and the level of trust placed in the validated request body, but at the library level, this allows complete bypass of body validation for any handler using Content-Type-discriminated schemas.

This issue is a regression or missed edge case from the fix for a previously reported vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25223.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25223.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25223
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06238
published_at 2026-06-09T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06288
published_at 2026-06-05T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06277
published_at 2026-06-06T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.06271
published_at 2026-06-07T12:55:00Z
4
value 0.00022
scoring_system epss
scoring_elements 0.06226
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25223
2
reference_url https://fastify.dev/docs/latest/Reference/Validation-and-Serialization
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T21:18:10Z/
url https://fastify.dev/docs/latest/Reference/Validation-and-Serialization
3
reference_url https://github.com/fastify/fastify
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/fastify/fastify
4
reference_url https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T21:18:10Z/
url https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125
5
reference_url https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T21:18:10Z/
url https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272
6
reference_url https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T21:18:10Z/
url https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821
7
reference_url https://hackerone.com/reports/3464114
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T21:18:10Z/
url https://hackerone.com/reports/3464114
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436560
reference_id 2436560
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436560
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25223
reference_id CVE-2026-25223
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25223
10
reference_url https://github.com/advisories/GHSA-jx2c-rxcm-jvmq
reference_id GHSA-jx2c-rxcm-jvmq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jx2c-rxcm-jvmq
11
reference_url https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq
reference_id GHSA-jx2c-rxcm-jvmq
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T21:18:10Z/
url https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq
12
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
13
reference_url https://access.redhat.com/errata/RHSA-2026:5807
reference_id RHSA-2026:5807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5807
14
reference_url https://access.redhat.com/errata/RHSA-2026:6192
reference_id RHSA-2026:6192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6192
fixed_packages
0
url pkg:npm/fastify@5.7.2
purl pkg:npm/fastify@5.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13ut-fezt-uuh1
1
vulnerability VCID-ma3h-te21-ekhk
2
vulnerability VCID-sg2c-d386-d7dk
3
vulnerability VCID-zxan-bkya-9kau
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/fastify@5.7.2
aliases CVE-2026-25223, GHSA-jx2c-rxcm-jvmq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bqg-g3xd-tyd4
1
url VCID-7k4f-2wdy-c7hz
vulnerability_id VCID-7k4f-2wdy-c7hz
summary fastify: CSRF
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41919.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41919.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41919
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.29965
published_at 2026-06-08T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.29978
published_at 2026-06-09T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.35059
published_at 2026-06-04T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35155
published_at 2026-06-05T12:55:00Z
4
value 0.00149
scoring_system epss
scoring_elements 0.3517
published_at 2026-06-06T12:55:00Z
5
value 0.00149
scoring_system epss
scoring_elements 0.35132
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41919
2
reference_url https://github.com/fastify/fastify
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/fastify/fastify
3
reference_url https://github.com/fastify/fastify/commit/62dde76f1f7aca76e38625fe8d983761f26e6fc9
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:07Z/
url https://github.com/fastify/fastify/commit/62dde76f1f7aca76e38625fe8d983761f26e6fc9
4
reference_url https://github.com/fastify/fastify/security/advisories/GHSA-3fjj-p79j-c9hh
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:07Z/
url https://github.com/fastify/fastify/security/advisories/GHSA-3fjj-p79j-c9hh
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41919
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41919
6
reference_url https://www.npmjs.com/package/@fastify/csrf
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@fastify/csrf
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2159502
reference_id 2159502
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2159502
8
reference_url https://www.npmjs.com/package/%40fastify/csrf
reference_id csrf
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:07Z/
url https://www.npmjs.com/package/%40fastify/csrf
9
reference_url https://github.com/advisories/GHSA-3fjj-p79j-c9hh
reference_id GHSA-3fjj-p79j-c9hh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3fjj-p79j-c9hh
fixed_packages
0
url pkg:npm/fastify@4.10.2
purl pkg:npm/fastify@4.10.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bqg-g3xd-tyd4
1
vulnerability VCID-ma3h-te21-ekhk
2
vulnerability VCID-zxan-bkya-9kau
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/fastify@4.10.2
aliases CVE-2022-41919, GHSA-3fjj-p79j-c9hh, GMS-2022-6953
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7k4f-2wdy-c7hz
2
url VCID-ma3h-te21-ekhk
vulnerability_id VCID-ma3h-te21-ekhk
summary fastify: request.protocol and request.host spoofable via X-Forwarded-Proto/Host from untrusted connections when trustProxy uses restrictive trust function
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3635.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3635.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3635
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01844
published_at 2026-06-09T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01866
published_at 2026-06-05T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01871
published_at 2026-06-06T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01864
published_at 2026-06-07T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01852
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3635
2
reference_url https://cna.openjsf.org/security-advisories.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:29:15Z/
url https://cna.openjsf.org/security-advisories.html
3
reference_url https://github.com/fastify/fastify
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/fastify/fastify
4
reference_url https://github.com/fastify/fastify/releases/tag/v5.8.3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/fastify/fastify/releases/tag/v5.8.3
5
reference_url https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:29:15Z/
url https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3635
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3635
7
reference_url https://www.cve.org/CVERecord?id=CVE-2026-3635
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T15:29:15Z/
url https://www.cve.org/CVERecord?id=CVE-2026-3635
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450330
reference_id 2450330
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450330
9
reference_url https://github.com/advisories/GHSA-444r-cwp2-x5xf
reference_id GHSA-444r-cwp2-x5xf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-444r-cwp2-x5xf
fixed_packages
0
url pkg:npm/fastify@5.8.3
purl pkg:npm/fastify@5.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13ut-fezt-uuh1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/fastify@5.8.3
aliases CVE-2026-3635, GHSA-444r-cwp2-x5xf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ma3h-te21-ekhk
3
url VCID-zxan-bkya-9kau
vulnerability_id VCID-zxan-bkya-9kau
summary 
Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
A Denial of Service vulnerability in Fastify's Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a `ReadableStream` (or `Response` with a Web Stream body) via `reply.send()` are impacted. A slow or non-reading client can trigger unbounded buffering when backpressure is ignored, leading to process crashes or severe degradation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25224.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25224.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25224
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05583
published_at 2026-06-08T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05638
published_at 2026-06-05T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05624
published_at 2026-06-09T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05625
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25224
2
reference_url https://github.com/fastify/fastify
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/fastify/fastify
3
reference_url https://github.com/fastify/fastify/commit/eb11156396f6a5fedaceed0140aed2b7f026be37
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T16:20:26Z/
url https://github.com/fastify/fastify/commit/eb11156396f6a5fedaceed0140aed2b7f026be37
4
reference_url https://hackerone.com/reports/3524779
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T16:20:26Z/
url https://hackerone.com/reports/3524779
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436557
reference_id 2436557
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436557
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25224
reference_id CVE-2026-25224
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25224
7
reference_url https://github.com/advisories/GHSA-mrq3-vjjr-p77c
reference_id GHSA-mrq3-vjjr-p77c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrq3-vjjr-p77c
8
reference_url https://github.com/fastify/fastify/security/advisories/GHSA-mrq3-vjjr-p77c
reference_id GHSA-mrq3-vjjr-p77c
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T16:20:26Z/
url https://github.com/fastify/fastify/security/advisories/GHSA-mrq3-vjjr-p77c
fixed_packages
0
url pkg:npm/fastify@5.7.3
purl pkg:npm/fastify@5.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13ut-fezt-uuh1
1
vulnerability VCID-ma3h-te21-ekhk
2
vulnerability VCID-sg2c-d386-d7dk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/fastify@5.7.3
aliases CVE-2026-25224, GHSA-mrq3-vjjr-p77c
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxan-bkya-9kau
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/fastify@4.8.0