@fastify/reply-from (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @fastify/reply-from, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2026-33805 — CVSS 8.6 (high): @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy…
CVE-2025-66415 — CVSS 5.4 (medium): fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL…
CVE-2023-51701 — CVSS 5.3 (medium): fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with…