Node.js fastify-multipart module is vulnerable to a denial of service, caused by improper input validation. By providing a name=constructor property, a remote attacker could exploit this vulnerability to cause the application to crash.
Node.js @peertube/embed-api module is vulnerable to server-side request forgery, caused by a flaw in the URL download procedure. By using a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to enumerate local server files and media files.
Refer to the vendor website to download patches, updates, and apply workarounds: