hapi

17 known vulnerabilities · 1 critical · 2 high

CVE-2014-4671MEDIUM

Rosetta-Flash JSONP Vulnerability in hapi

Published Aug 31, 2020

CVE-2017-16013HIGH

Denial of Service via malformed accept-encoding header in hapi

Published Oct 9, 2018

CVE-2014-3742MEDIUM

File Descriptor Leak Can Cause DoS Vulnerability in hapi

Published Oct 24, 2017

CVE-2015-9243MEDIUM

Unsafe Merging of CORS Configuration Conflict in hapi

Published Sep 1, 2020

CVE-2015-9236MEDIUM

Incorrect handling of CORS preflight request headers in hapi

Published Jun 7, 2018

CVE-2015-9241HIGH

Denial of Service in hapi

Published Jun 7, 2018

CVE-2025-26042

Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Published Mar 31, 2025

CVE-2016-10525CRITICAL

Authentication Bypass in hapi-auth-jwt2

Published Feb 18, 2019

MAL-2025-190690

Malicious code in @trigo/trigo-hapijs (npm)

Published Nov 24, 2025

MAL-2024-936

Malicious code in jewishapi (npm)

Published Jan 29, 2024

MAL-2026-1108

Malicious code in hapi-lint (npm)

Published Mar 2, 2026

MAL-2025-190829

Malicious code in @trigo/hapi-auth-signedlink (npm)

Published Nov 24, 2025

GHSA-36hh-x5p5-jgc8

@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters

Published May 27, 2026

GHSA-vhjm-w67q-g75c

@hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects

Published May 27, 2026

CVE-2026-35213

Risk: 44.38/100

@hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing

Published Apr 4, 2026

GHSA-rcvq-m9j9-6f4g

@hapi/inert has a static-file confinement bypass via sibling-prefix path

Published Jun 11, 2026

GHSA-x426-x7cc-3fpc

@hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects

Published Jun 11, 2026

Check your entire dependency tree at onceRun dependency scan →