Browse all 9 CVE security advisories affecting Nearform. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
Nearform specializes in developing high-performance software solutions, with a focus on Node.js and enterprise applications. Historically, their products have been associated with vulnerabilities like remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and insecure dependencies. While no major security incidents have been publicly documented, the 8 CVEs on record highlight recurring issues in component security and access controls. Their codebase typically emphasizes performance but has shown susceptibility to common web vulnerabilities, particularly in server-side request forgery and insecure deserialization. Security researchers note that while Nearform addresses reported flaws promptly, their complex architecture occasionally introduces exploitable misconfigurations in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-59936 | get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass — get-jwks (CWE-116) | 5.9 | - | 2025-09-27 |
This page lists every published CVE security advisory associated with Nearform. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.