CVE-2026-25754

CVE-2026-25754 affects AdonisJS multipart form-data parsing (package: @adonisjs/bodyparser). The underlying issue is prototype pollution caused by insufficient validation of multipart field names during parsing, allowing manipulation of object prototypes at runtime. Affected versions are AdonisJS...

GHSA-F5X2-VJ4H-VG4C AdonisJS multipart body parsing has Prototype Pollution issue

Description A Prototype Pollution vulnerability CWE-1321 in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts @adonisjs/bodyparser through version 10.1.2 and 11.x prerelease versions prior to 11.0.0-next.8. This issue has bee...

PT-2026-6857

Description A Prototype Pollution vulnerability CWE-1321 in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts @adonisjs/bodyparser through version 10.1.2 and 11.x prerelease versions prior to 11.0.0-next.8. This issue has bee...

@adonisjs/lucid 安全漏洞

@adonisjs/lucid is a database object-relational mapping library open-sourced by the AdonisJS Framework. Versions of @adonisjs/lucid before 10.1.3 and versions before 11.0.0-next.9 have security vulnerabilities. These vulnerabilities stem from prototype pollution in the parsing of multi-part form...