Nestjs Core vulnerabilities
2 known vulnerabilities affecting nestjs/core.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-35515P4MEDIUM≥ 0, < 11.1.182026-04-06
CVE-2026-35515 [MEDIUM] CWE-74 @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')
@nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')
### Impact
_What kind of vulnerability is it? Who is impacted?_
[`SseStream._transform()`](https://github.com/nestjs/nest/blob/dea5279ef8fcb568de158003e4281759a2cd7675/packages/core/router/sse-stream.ts) interpolates `message.type` and `message.id` di
ghsaosv
CVE-2023-26108P4MEDIUMCVSS 5.3fixed in 9.0.52023-03-06
CVE-2023-26108 [MEDIUM] CWE-200 CVE-2023-26108: Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the Str
Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.
ghsanvdosv