feathersjs / feathers Public

• Notifications You must be signed in to change notification settings
• Fork 797

• Star 15.2k

No security policy detected

This project has not set up a SECURITY.md file yet.

• NoSQL Injection via WebSocket id Parameter in MongoDB Adapter

  GHSA-p9xr-7p9p-gpqx published Mar 10, 2026 by daffl

  High

• OAuth Callback Account Takeover

  GHSA-wg9x-qfgw-pxhj published Mar 10, 2026 by daffl

  Critical

• Internal headers exposed via unencrypted session cookie

  GHSA-9m9c-vpv5-9g85 published Feb 18, 2026 by daffl

  Moderate

• Origin validation bypass via prefix matching

  GHSA-mp4x-c34x-wv3x published Feb 18, 2026 by daffl

  High

• Open redirect in OAuth callback enables account takeover

  GHSA-ppf9-4ffw-hh4p published Feb 18, 2026 by daffl

  High

• Socket handler allows abusing implicit toString

  GHSA-hhr9-rh25-hvf9 published Jul 19, 2023 by daffl

  High

Learn more about advisories related to feathersjs/feathers in the GitHub Advisory Database