OsVault/npm/http-proxy
npm1 critical

http-proxy

13 known vulnerabilities · 1 critical · 3 high

CVE-2017-16014HIGH

Insufficient Error Handling in http-proxy

Published Nov 9, 2018
CVE-2024-21536HIGH

Denial of service in http-proxy-middleware

Published Oct 19, 2024
CVE-2017-16075HIGH

http-proxy.js is malware

Published Aug 29, 2018
CVE-2019-10196CRITICAL

Resource Exhaustion Denial of Service in http-proxy-agent

Published Jan 6, 2022
CVE-2025-32997

http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed

Published Apr 15, 2025
CVE-2025-32996

http-proxy-middleware can call writeBody twice because "else if" is not used

Published Apr 15, 2025
MAL-2024-10989

Malicious code in n-http-proxy (npm)

Published Nov 26, 2024
MAL-2022-3698

Malicious code in http-proxy-iddlemare (npm)

Published Aug 19, 2022
MAL-2022-3699

Malicious code in http-proxy-middelware (npm)

Published Jun 20, 2022
MAL-2024-1164

Malicious code in paysafe-gpf-as-http-proxy-middleware-body-replace (npm)

Published Apr 2, 2024
MAL-2025-4834

Malicious code in http-proxy-error (npm)

Published Jun 10, 2025
GHSA-64mm-vxmg-q3vj

http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

Published Jun 18, 2026
GHSA-gcq2-9pq2-cxqm

http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`

Published Jun 18, 2026
Check your entire dependency tree at onceRun dependency scan →