Lucene search
+L

124 matches found

vulnersosv
vulnersosv
added 2026/02/12 5:20 a.m.7 views

org.webjars.npm:body-parser (>=1.20.0 <=1.20.3), org.webjars.npm:express (=4.18.1) +1 more potentially affected by CVE-2026-2391 via org.webjars.npm:qs (>=6.10.3 <=6.13.0)

org.webjars.npm:qs MAVEN version =6.10.3, =1.20.0, =8.4.7, =9.0.0-next.2 Source cves: CVE-2026-2391 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15268417...

7.5CVSS7AI score0.00478EPSS
Exploits1
github
github
added 2026/02/06 7:53 p.m.11 views

AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection

Summary A Denial of Service DoS vulnerability CWE-400 exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessiv...

7.5CVSS5.8AI score0.00491EPSS
Exploits0References5Affected Software1
ossf
ossf
added 2026/01/12 12:22 a.m.10 views

Malicious code in body-parser-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5d1cf0401e8f508430b1d43b7fd16e5f0d2cf1e17ea7388b651ac0466d141db The package body-parser-js was found to contain malicious code. Source: ghsa-malware 1ce45487b7b908b88575fd497e5e1ee4d106c3e361fc36768c37937d4235ffd1...

6.9AI score
Exploits0References1
euvd
euvd
added 2026/01/12 12:22 a.m.9 views

EUVD-2026-1991

Malicious code in body-parser-js npm...

6.6AI score
Exploits0References1
osv
osv
added 2026/01/12 12:22 a.m.5 views

MAL-2026-203 Malicious code in body-parser-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5d1cf0401e8f508430b1d43b7fd16e5f0d2cf1e17ea7388b651ac0466d141db The package body-parser-js was found to contain malicious code. Source: ghsa-malware 1ce45487b7b908b88575fd497e5e1ee4d106c3e361fc36768c37937d4235ffd1...

6.8AI score
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 8:42 a.m.31 views

CVE-2022-31018

Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the...

7.5CVSS6.7AI score0.01573EPSS
Exploits0References1
vulnersosv
vulnersosv
added 2025/12/30 12:1 a.m.7 views

org.webjars.npm:body-parser (>=1.20.0 <=1.20.3), org.webjars.npm:express (=4.18.1) +1 more potentially affected by CVE-2025-15284 via org.webjars.npm:qs (>=6.10.3 <=6.13.0)

org.webjars.npm:qs MAVEN version =6.10.3, =1.20.0, =8.4.7, =9.0.0-next.2 Source cves: CVE-2025-15284 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14724254...

6.3CVSS6.7AI score0.0041EPSS
Exploits1
ibm
ibm
added 2025/12/22 11:27 a.m.13 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules (CVE-2025-64718, CVE-2025-64756, CVE-2025-13466 & CVE-2025-65945)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to node modules js-yaml, glob, body-parser and jws. Vulnerability Details...

7.5CVSS6.8AI score0.03136EPSS
Exploits2Affected Software1
github
github
added 2025/12/11 6:36 p.m.9 views

Servify-express rate limit issue

Impact The Express server uses express.json without a size limit, which can allow attackers to send extremely large request bodies. This may lead to excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service DoS. Any application using the JSON parser withou...

8.7CVSS6.9AI score0.00352EPSS
Exploits0References6Affected Software1
redhatcve
redhatcve
added 2025/12/02 9:23 p.m.14 views

CVE-2025-13466

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...

6.9CVSS6.2AI score0.0035EPSS
Exploits0References4
github
github
added 2025/11/25 2:20 p.m.10 views

body-parser is vulnerable to denial of service when url encoding is used

Impact body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage...

6.9CVSS6.7AI score0.0035EPSS
Exploits0References5Affected Software1
vulnersosv
vulnersosv
added 2025/11/25 2:20 p.m.7 views

@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +74 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)

body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...

6.9CVSS5.7AI score0.0035EPSS
Exploits0
osv
osv
added 2025/11/25 2:20 p.m.4 views

GHSA-WQCH-XFXH-VRR4 body-parser is vulnerable to denial of service when url encoding is used

Impact body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage...

6.9CVSS6.4AI score0.0035EPSS
Exploits0References5
euvd
euvd
added 2025/11/25 2:20 p.m.4 views

EUVD-2025-198982

body-parser is vulnerable to denial of service when url encoding is used...

6.9CVSS6.3AI score0.0035EPSS
Exploits0References4
euvd
euvd
added 2025/11/25 12:16 a.m.3 views

EUVD-2025-199426

Malicious code in @voiceflow/body-parser npm...

6.6AI score
Exploits0References4
ossf
ossf
added 2025/11/25 12:16 a.m.7 views

Malicious code in @voiceflow/body-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27087f99b3b863dae53a7bc93919c6691aa9fb2deb6de5eda5deea916f283686 The package @voiceflow/body-parser was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
euvd
euvd
added 2025/11/25 12:16 a.m.3 views

EUVD-2025-199510

Malicious code in @antstackio/graphql-body-parser npm...

6.6AI score
Exploits0References4
osv
osv
added 2025/11/25 12:16 a.m.5 views

MAL-2025-191336 Malicious code in @voiceflow/body-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27087f99b3b863dae53a7bc93919c6691aa9fb2deb6de5eda5deea916f283686 The package @voiceflow/body-parser was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
osv
osv
added 2025/11/25 12:16 a.m.4 views

MAL-2025-191189 Malicious code in @antstackio/graphql-body-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ba2f487fb7920801336b5a03e7300f0ed4b0d6bcb39b1b05ba80549347dcdfa The package @antstackio/graphql-body-parser was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
vulnersosv
vulnersosv
added 2025/11/24 7:40 p.m.5 views

@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +74 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)

body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...

6.9CVSS5.7AI score0.0035EPSS
Exploits0
Rows per page
Query Builder