@nestjs/platform-fastify (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @nestjs/platform-fastify, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2026-2293 — CVSS 9.8 (critical): A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify…
CVE-2026-54281: Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulnerability exists…
CVE-2026-33011 — CVSS 7.5 (high): Nest is a framework for building scalable Node.js server-side applications. In versions 11.1.15 and below, a NestJS application using…
CVE-2025-69211 — CVSS 7.4 (high): Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding…