If you believe you have found a security issue in the software in this repository, please consult https://github.com/nodejs/node/blob/HEAD/SECURITY.md.
Security: nodejs/undici
- Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in undici (GHSA-2mjp-6q6p-2qxm), published Mar 12, 2026 by mcollina. Severity: Moderate
- Malicious WebSocket 64-bit length overflows undici parser and crashes the client (GHSA-f269-vfmq-vjvj), published Mar 12, 2026 by mcollina. Severity: High
- Unbounded Memory Consumption in Undici's DeduplicationHandler via Response Buffering leads to DoS (GHSA-phc3-fgpg-7m6h), published Mar 12, 2026 by mcollina. Severity: Moderate
- CRLF Injection in undici via `upgrade` option (GHSA-4992-7rv2-5pvq), published Mar 12, 2026 by mcollina. Severity: Moderate
- Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation (GHSA-v9p9-hfj2-hcw8), published Mar 12, 2026 by mcollina. Severity: High
- Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression (GHSA-vrm6-8vpv-qv8q), published Mar 12, 2026 by mcollina. Severity: High
- Unbounded decompression chain in HTTP responses via Content-Encoding leads to resource exhaustion (GHSA-g9mf-h72j-4rw9), published Jan 14, 2026 by mcollina. Severity: Moderate
- Denial of Service attack via bad certificate data (GHSA-cxrh-j4jr-qwg3), published May 15, 2025 by mcollina. Severity: Low
- Use of Insufficiently Random Values in undici fetch() (GHSA-c76h-2ccp-4975), published Jan 21, 2025 by mcollina. Severity: Moderate
- Data leak when using response.arrayBuffer() (GHSA-3g92-w8c5-73pq), published Jul 8, 2024 by mcollina. Severity: Low
Learn more about advisories related to nodejs/undici in the GitHub Advisory Database