Package impact
npm / qs
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15284 | high | — | 8.0 | 10d ago | Important: linux-sgx security update | |||
| CVE-2017-1000048 | high | 7.5 | 7.5 | 9y ago | Prototype Pollution Protection Bypass in qs | |||
| CVE-2022-24999 | medium | — | 5.5 | 4y ago | Moderate: nodejs:14 security, bug fix, and enhancement update | |||
| CVE-2026-8723 | medium | 5.3 | 5.3 | 12d ago | qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set | |||
| CVE-2014-7191 | medium | — | 5.0 | 12y ago | The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value t… |