VYPR

npm package

@nestjs/core

pkg:npm/%40nestjs/core

Vulnerabilities (2)

  • CVE-2026-35515MedApr 7, 2026
    affected < 11.1.18fixed 11.1.18

    Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream._transform() interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters (\r, \n). Since the SSE protoc

  • CVE-2023-26108Mar 6, 2023
    affected < 9.0.5fixed 9.0.5

    Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will