body-parser is vulnerable to denial of service when url encoding is used

🗓️ 25 Nov 2025 14:20:21Reported by GitHub Advisory DatabaseType

body-parser can suffer DoS from URL encoded requests with many parameters; fixed in version 2.2.1.

Reporter	Title	Published	Views	Family All 38
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	6 Feb 202617:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules (CVE-2025-64718, CVE-2025-64756, CVE-2025-13466 & CVE-2025-65945)	22 Dec 202511:27	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service due to body-parser	30 Mar 202615:20	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in body-parser-2.2.0.tgz affecting MongoDB Enterprised Advanced (CVE-2025-13466)	24 Feb 202619:20	–	ibm
IBM Security Bulletins	Security Bulletin: The Log Source Management App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	16 Mar 202618:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service (CVE-2025-12758, CVE-2025-13466, CVE-2025-14874) and loss of confidentiality (CVE-2025-65945)	5 Feb 202612:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge	10 Mar 202607:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in watsonx.data	9 May 202608:59	–	ibm
IBM Security Bulletins	Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in body-parser (CVE-2025-13466) and qs (CVE-2025-15284, CVE-2026-2391)	25 Feb 202616:10	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in the body-parser package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.	27 Feb 202616:17	–	ibm

Vulners

Node

openjsf body-parserRange2.2.0–2.2.1npm

Source	Link
github	www.github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-13466
github	www.github.com/expressjs/body-parser/commit/b204886a6744b0b6d297cd0e849d75de836f3b63
github	www.github.com/expressjs/body-parser/releases/tag/v2.2.1
github	www.github.com/advisories/GHSA-wqch-xfxh-vrr4

25 Nov 2025 18:09Current

6.7Medium risk

Vulners AI Score6.7

CVSS 46.9

EPSS0.00035

SSVC

CWE-400