Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

nearform — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting nearform. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nearform specializes in developing high-performance software solutions, with a focus on Node.js and enterprise applications. Historically, their products have been associated with vulnerabilities like remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and insecure dependencies. While no major security incidents have been publicly documented, the 8 CVEs on record highlight recurring issues in component security and access controls. Their codebase typically emphasizes performance but has shown susceptibility to common web vulnerabilities, particularly in server-side request forgery and insecure deserialization. Security researchers note that while Nearform addresses reported flaws promptly, their complex architecture occasionally introduces exploitable misconfigurations in production environments.

Top products by nearform: fast-jwt get-jwks
CVE IDTitleCVSSSeverityPublished
CVE-2026-35041 ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification — fast-jwtCWE-1333 4.2 Medium2026-04-09
CVE-2026-35040 fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS) — fast-jwtCWE-697 5.3 Medium2026-04-09
CVE-2026-35042 fast-jwt accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) — fast-jwtCWE-345 7.5 High2026-04-06
CVE-2026-35039 fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup) — fast-jwtCWE-345 9.1 Critical2026-04-06
CVE-2026-34950 fast-jwt has an incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key — fast-jwtCWE-327 9.1 Critical2026-04-06
CVE-2025-59936 get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass — get-jwksCWE-116 5.9 -2025-09-27
CVE-2025-30144 Fast-JWT Improperly Validates iss Claims — fast-jwtCWE-345 6.5 Medium2025-03-19
CVE-2023-48223 fast-jwt JWT Algorithm Confusion — fast-jwtCWE-20 5.9 Medium2023-11-20

This page lists every published CVE security advisory associated with nearform. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.