Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Please report security issues to support@nestjs.com.

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in @nestjs/core
GHSA-36xv-jgw5-4q75 published Apr 3, 2026 by kamilmysliwiec

Moderate
Fastify HEAD Request Middleware Bypass
GHSA-wf42-42fg-fg84 published Mar 16, 2026 by kamilmysliwiec

High
Fastify URL Encoding Middleware Bypass
GHSA-r4wm-x892-vjmx published Feb 28, 2026 by kamilmysliwiec

High
Fastify URL Encoding Middleware Bypass (TOCTOU)
GHSA-8wpr-639p-ccrj published Dec 29, 2025 by kamilmysliwiec

High
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
GHSA-85cg-cmq5-qjm7 published Aug 1, 2025 by kamilmysliwiec

Critical

Learn more about advisories related to nestjs/nest in the GitHub Advisory Database