nestjs
Security Risk Profile
50
/100
mediumSecurity Risk Score
Comprehensive risk assessment based on 8 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from March 6, 2023 to present
8
Total CVEs
5
Critical+High
0
Exploited
0
Unpatched
Threat Assessment
Avg CVSS
7.3
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
0
Critical/High
Risk Level
50/100
medium
Severity Distribution
Critical
1High
4Medium
3Low
0Exploit Likelihood
>50% chance
020-50%
05-20%
0<5%
1Age Distribution
Common Weaknesses (CWE)
1
XSS
1
2
Input Validation
1
3
Command Injection
1
4
OS Command Injection
1
5
CSRF
1
Most Affected Products
1. nestjs Nest Node.js7
2. npm/@nestjs/platform-fastify5
3. npm/@nestjs/common2
4. npm/@nestjs/microservices1
5. npm/@nestjs/core1
Recent Vulnerabilities
See more →CVE-2026-40879
CVSS 7.5high
Nest: DoS via Recursive handleData in JsonSocket (TCP Transport)
4/14/2026
CVE-2026-35515
CVSS 6.3medium
@nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')
4/6/2026
CVE-2026-33011
CVSS 8.7EPSS 0%high
Nest Fastify HEAD Request Middleware Bypass
3/17/2026
CVE-2026-2293
CVSS 8.2high
NestJS 11.1.13 - Lack of data validation allowing authentication/authorization bypass
2/27/2026
CVE-2025-69211
CVSS 7.4high
Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)
12/29/2025
CVE-2025-54782
CVSS 9.4critical
@nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers
8/1/2025
CVE-2024-29409
CVSS 5.5medium
3/14/2025
CVE-2023-26108
CVSS 5.3medium
3/6/2023
Monitor nestjs in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.