Browse all 5 CVE security advisories affecting feathersjs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FeathersJS is a real-time application framework enabling rapid development of REST APIs and WebSocket services. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, primarily stemming from misconfigurations and input validation flaws. The framework's modular architecture introduces potential attack surfaces through third-party plugins. While no major public security incidents have been documented, the five recorded CVEs highlight risks in default configurations and improper sanitization. Developers should implement strict input validation, secure authentication mechanisms, and regular dependency updates to mitigate these risks when building applications with FeathersJS.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-29792 | Feathersjs has an OAuth Callback Account Takeover — feathersCWE-287 | 8.2AI | HighAI | 2026-03-10 |
| CVE-2026-27193 | Feathers exposes internal headers via unencrypted session cookie — feathersCWE-200 | 5.3AI | MediumAI | 2026-02-21 |
| CVE-2026-27192 | Feathers has an origin validation bypass via prefix matching — feathersCWE-346 | 9.1AI | CriticalAI | 2026-02-21 |
| CVE-2026-27191 | Feathers: Open Redirect in OAuth callback enables account takeover — feathersCWE-601 | 8.1AI | HighAI | 2026-02-21 |
| CVE-2023-37899 | feathersjs socket handler allows abusing implicit toString — feathersCWE-754 | 7.5 | High | 2023-07-19 |
This page lists every published CVE security advisory associated with feathersjs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.