fast-uri

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting fast-uripage 1 of 1

CVE-2026-6321HIGHCVSS 7.5EG 7.5✓ Fixed in 3.1.1
2026-05-04
fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and parent-directory references, so distinct UR…
CVE-2026-6322HIGHCVSS 7.5EG 7.5✓ Fixed in 3.1.2
2026-05-05
fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain…

Check whether fast-uri is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for fast-uri CVEs against the assets you own.

Start Free Scan →