nitropack

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting nitropackpage 1 of 1

CVE-2026-44372MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.13.4
2026-05-13
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is …
CVE-2026-44373MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.13.4
2026-05-13
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved ou…

Check whether nitropack is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for nitropack CVEs against the assets you own.

Start Free Scan →