Launch Week Day 1: Announcing Security Design Review
Start for Free
npm

@fastify/express

View on npm registry
3 Total advisories
3 Vulnerabilities
0 Malware

Vulnerabilities

CRITICAL 9.1
npm

CVE-2026-33808

@fastify/express has a middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)
CRITICAL 9.1
npm

CVE-2026-33807

@fastify/express's middleware path doubling causes authentication bypass in child plugin scopes
HIGH 8.4
npm

CVE-2026-22037

@fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes