Package impact
npm / qs
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2022-24999 | medium | — | 5.5 | 4y ago | Moderate: nodejs:14 security, bug fix, and enhancement update | |
| CVE-2026-8723 | medium | 5.3 | 5.3 | 12d ago | qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set | |
| CVE-2014-7191 | medium | — | 5.0 | 12y ago | The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value t… |