Browse all 3 CVE security advisories affecting Feather js. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Feather.js is a lightweight JavaScript framework for building real-time applications and APIs. Historically, it has faced vulnerabilities including remote code execution (RCE) through unsafe object deserialization, cross-site scripting (XSS) due to improper input sanitization, and privilege escalation flaws in authentication mechanisms. The project currently has three CVEs on record, highlighting persistent security concerns. While its minimalist design reduces attack surface compared to heavier frameworks, developers must implement strict input validation and secure configuration to mitigate risks. No major security incidents have been widely reported, but the existing CVEs demonstrate potential for severe exploitation if proper safeguards aren't implemented.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-2422 | Feathers - SQL injection via attribute aliases — Feathers-Sequalize (CWE-89) | 10.0 | Critical | 2022-10-25 |
| CVE-2022-29822 | Feathers - Improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection — Feathers-Sequalize (CWE-89) | 10.0 | Critical | 2022-10-25 |
| CVE-2022-29823 | Feathers - Query `__proto__` is converted to real prototype — Feathers-Sequalize (CWE-1321) | 10.0 | Critical | 2022-10-25 |
This page lists every published CVE security advisory associated with Feather js. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.