Package impact
npm / @fastify/express
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33808 | critical | 9.1 | 9.1 | 2mo ago | Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-… | |||
| CVE-2026-33807 | critical | 9.1 | 9.1 | 2mo ago | @fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is register… |