forwarded

8 known vulnerabilities · 0 critical · 1 high

Regular Expression Denial of Service in forwarded

Published Jul 24, 2018

Misskey has a login rate limit bypass via spoofed X-Forwarded-For header

Published Dec 15, 2025

OpenClaw improperly parses X-Forwarded-For behind trusted proxies allows client IP spoofing in security decisions

Published Mar 3, 2026

Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers

Published Apr 1, 2025

fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections

Published Mar 25, 2026

Astro's `X-Forwarded-Host` is reflected without validation

Published Oct 10, 2025

Angular SSR has an Open Redirect via X-Forwarded-Prefix

Published Feb 25, 2026

GHSA-69xr-m8h6-h664

Angular SSR has Open Redirect and Request Steering via Encoded X-Forwarded-Prefix

Published May 6, 2026

Check your entire dependency tree at onceRun dependency scan →