| CVE-2025-15284 |
high |
— |
8.0 |
|
|
|
16d ago |
Important: linux-sgx security update |
| CVE-2017-1000048 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Prototype Pollution Protection Bypass in qs |
| CVE-2022-24999 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:0050: nodejs:14 security, bug fix, and enhancement update (Moderate) |
| CVE-2026-8723 |
medium |
5.3 |
5.3 |
|
|
|
18d ago |
### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not ha… |
| CVE-2014-7191 |
medium |
— |
5.0 |
|
|
|
12y ago |
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value t… |
| CVE-2026-2391 |
unknown |
— |
— |
|
|
|
4mo ago |
### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This i… |
| CVE-2014-10064 |
unknown |
— |
— |
|
|
|
8y ago |
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of t… |
