VIR Vulnerability Intelligence Relay

Package impact

npm npm / qs

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2025-15284 high 8.0 9d ago Important: linux-sgx security update redhatdebiannpm
CVE-2017-1000048 high 7.5 7.5 9y ago Prototype Pollution Protection Bypass in qs npm
CVE-2022-24999 medium 5.5 4y ago Moderate: nodejs:14 security, bug fix, and enhancement update rockylinuxdebiannpm
CVE-2026-8723 medium 5.3 5.3 11d ago qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set debiannpm
CVE-2014-7191 medium 5.0 12y ago The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value t… debiannpmnodejs
CVE-2026-2391 unknown 4mo ago ### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This i… debiannpm
CVE-2014-10064 unknown 8y ago The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of t… debiannpm