Feather Js
Products: 2
- 5 CVEs
- 3 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-2422 | | Cri | 0.58 | 10.0 | 0.01 | | Oct 26, 2022 | Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. |
| CVE-2022-29823 | | Cri | 0.58 | 10.0 | 0.01 | | Oct 26, 2022 | Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application. |
| CVE-2022-29822 | | Cri | 0.58 | 10.0 | 0.01 | | Oct 26, 2022 | Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection |
| CVE-2023-37899 | | Hig | 0.42 | 7.5 | 0.01 | | Jul 19, 2023 | Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending… |
| CVE-2026-29792 | | | 0.00 | — | 0.01 | | Mar 10, 2026 | Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, an unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The… |
| CVE-2026-27193 | | | 0.00 | — | 0.00 | | Feb 21, 2026 | Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to… |
| CVE-2026-27192 | | | 0.00 | — | 0.00 | | Feb 21, 2026 | Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith() for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix… |
| CVE-2026-27191 | | | 0.00 | — | 0.00 | | Feb 21, 2026 | Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens via URL authority… |