The OpenJS Foundation's CVE Numbering Authority (CNA)

Security Advisories

| Date | CVE ID | Advisory | Project | Title |
| --- | --- | --- | --- | --- |
| 2026-03-12 | CVE-2026-2581 | Advisory | undici | Unbounded Memory Consumption in Undici's DeduplicationHandler via Response Buffering leads to DoS |
| 2026-03-12 | CVE-2026-1527 | Advisory | undici | CRLF Injection in undici via upgrade option |
| 2026-03-12 | CVE-2026-1528 | Advisory | undici | Malicious WebSocket 64-bit length overflows undici parser and crashes the client |
| 2026-03-12 | CVE-2026-2229 | Advisory | undici | Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation |
| 2026-03-12 | CVE-2026-1526 | Advisory | undici | Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression |
| 2026-03-12 | CVE-2026-1525 | Advisory | undici | Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) in undici |
| 2026-03-05 | CVE-2026-3419 | Advisory | fastify | Fastify vulnerable to missing end anchor in subtypeNameReg Allows Malformed Content-Types to Pass Validation |
| 2026-03-04 | CVE-2026-3520 | Advisory | multer | Multer vulnerable to Denial of Service via uncontrolled recursion |
| 2026-02-27 | CVE-2026-2880 | Advisory | @fastify/middie | @fastify/middie has an improper path normalization vulnerability |
| 2026-02-27 | CVE-2026-3304 | Advisory | multer | Multer vulnerable to Denial of Service via incomplete cleanup |
| 2026-02-27 | CVE-2026-2359 | Advisory | multer | multer vulnerable to Denial of Service via resource exhaustion |
| 2026-01-21 | CVE-2025-13465 | Advisory | lodash | Prototype Pollution Vulnerability in Lodash `_.unset` and `_.omit` functions |
| 2025-11-24 | CVE-2025-13466 | Advisory | body-parser | body-parser vulnerable to denial of service when url encoding is used |
| 2025-07-17 | CVE-2025-7339 | Advisory | on-headers | on-headers vulnerable to http response header manipulation |
| 2025-07-17 | CVE-2025-7338 | Advisory | multer | Multer vulnerable to Denial of Service via unhandled exception from malformed request |