VYPR

Nest

by Nestjs

CVEs (13)

  • CVE-2026-2293 | Cri | Feb 27, 2026
    risk 0.57 | cvss 9.8 | epss 0.01

    A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects NestJS: 11.1.13.

  • CVE-2026-40879 | Hig | Apr 21, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData() recurses once per message; the buffer shrinks each call. maxBufferSize is never reached; call stack…

  • CVE-2026-54281 | Hig | Jun 15, 2026
    risk 0.38 | cvss | epss 0.00

    Impact: An authentication bypass vulnerability exists in `@nestjs/platform-fastify` (confirmed on version `11.1.24`, the latest available release at time of report). When middleware is registered through NestJS's `MiddlewareConsumer.forRoutes()` API on the Fastify adapter,…

  • CVE-2026-35515 | Med | Apr 7, 2026
    risk 0.33 | cvss 6.1 | epss 0.00

    Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream._transform() interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters (\r, \n). Since the SSE…

  • CVE-2025-54782 | Aug 1, 2025
    risk 0.03 | cvss | epss 0.46

    Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP…

  • CVE-2026-33011 | Mar 20, 2026
    risk 0.00 | cvss | epss 0.00

    Nest is a framework for building scalable Node.js server-side applications. In versions 11.1.15 and below, a NestJS application using @nestjs/platform-fastify GET middleware can be bypassed because Fastify automatically redirects HEAD requests to the corresponding GET handlers…

  • CVE-2025-69211 | Dec 29, 2025
    risk 0.00 | cvss | epss 0.00

    Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses `@nestjs/platform-fastify`; relies on `NestMiddleware` (via `MiddlewareConsumer`)…

  • CVE-2024-29409 | Mar 14, 2025
    risk 0.00 | cvss | epss 0.00

    File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header.

  • CVE-2024-32928 | Aug 19, 2024
    risk 0.00 | cvss | epss 0.00

    The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through.

  • CVE-2019-5043 | Oct 31, 2019
    risk 0.00 | cvss | epss 0.01

    An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this…

  • CVE-2019-5035 | Aug 20, 2019
    risk 0.00 | cvss | epss 0.00

    An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device…

  • CVE-2019-5034 | Aug 20, 2019
    risk 0.00 | cvss | epss 0.01

    An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets…

  • CVE-2019-5037 | Aug 20, 2019
    risk 0.00 | cvss | epss 0.01

    An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read on unmapped memory to occur, resulting in…