Overview · chimurai/http-proxy-middleware · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

multipart/form-data field injection via unescaped CRLF in `fixRequestBody`
GHSA-gcq2-9pq2-cxqm published Jun 17, 2026 by chimurai

High
`router` host+path substring matching allows Host-header-driven backend routing bypass
GHSA-64mm-vxmg-q3vj published Jun 17, 2026 by chimurai

Moderate

Learn more about advisories related to chimurai/http-proxy-middleware in the GitHub Advisory Database