forwarded

7 known vulnerabilities · 0 critical · 1 high

Regular Expression Denial of Service in forwarded

Published Jul 24, 2018

fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections

Published Mar 25, 2026

Misskey has a login rate limit bypass via spoofed X-Forwarded-For header

Published Dec 15, 2025

OpenClaw improperly parses X-Forwarded-For behind trusted proxies allows client IP spoofing in security decisions

Published Mar 3, 2026

Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers

Published Apr 1, 2025

Astro's `X-Forwarded-Host` is reflected without validation

Published Oct 10, 2025

Angular SSR has an Open Redirect via X-Forwarded-Prefix

Published Feb 25, 2026

Check your entire dependency tree at onceRun dependency scan →