124 matches found
org.webjars.npm:body-parser (>=1.20.0 <=1.20.3), org.webjars.npm:express (=4.18.1) +1 more potentially affected by CVE-2026-2391 via org.webjars.npm:qs (>=6.10.3 <=6.13.0)
org.webjars.npm:qs MAVEN version =6.10.3, =1.20.0, =8.4.7, =9.0.0-next.2 Source cves: CVE-2026-2391 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15268417...
AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
Summary A Denial of Service DoS vulnerability CWE-400 exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessiv...
Malicious code in body-parser-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5d1cf0401e8f508430b1d43b7fd16e5f0d2cf1e17ea7388b651ac0466d141db The package body-parser-js was found to contain malicious code. Source: ghsa-malware 1ce45487b7b908b88575fd497e5e1ee4d106c3e361fc36768c37937d4235ffd1...
EUVD-2026-1991
Malicious code in body-parser-js npm...
MAL-2026-203 Malicious code in body-parser-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5d1cf0401e8f508430b1d43b7fd16e5f0d2cf1e17ea7388b651ac0466d141db The package body-parser-js was found to contain malicious code. Source: ghsa-malware 1ce45487b7b908b88575fd497e5e1ee4d106c3e361fc36768c37937d4235ffd1...
CVE-2022-31018
Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the...
org.webjars.npm:body-parser (>=1.20.0 <=1.20.3), org.webjars.npm:express (=4.18.1) +1 more potentially affected by CVE-2025-15284 via org.webjars.npm:qs (>=6.10.3 <=6.13.0)
org.webjars.npm:qs MAVEN version =6.10.3, =1.20.0, =8.4.7, =9.0.0-next.2 Source cves: CVE-2025-15284 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14724254...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules (CVE-2025-64718, CVE-2025-64756, CVE-2025-13466 & CVE-2025-65945)
Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to node modules js-yaml, glob, body-parser and jws. Vulnerability Details...
Servify-express rate limit issue
Impact The Express server uses express.json without a size limit, which can allow attackers to send extremely large request bodies. This may lead to excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service DoS. Any application using the JSON parser withou...
CVE-2025-13466
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...
body-parser is vulnerable to denial of service when url encoding is used
Impact body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage...
@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +74 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)
body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...
GHSA-WQCH-XFXH-VRR4 body-parser is vulnerable to denial of service when url encoding is used
Impact body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage...
EUVD-2025-198982
body-parser is vulnerable to denial of service when url encoding is used...
EUVD-2025-199426
Malicious code in @voiceflow/body-parser npm...
Malicious code in @voiceflow/body-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27087f99b3b863dae53a7bc93919c6691aa9fb2deb6de5eda5deea916f283686 The package @voiceflow/body-parser was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199510
Malicious code in @antstackio/graphql-body-parser npm...
MAL-2025-191336 Malicious code in @voiceflow/body-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27087f99b3b863dae53a7bc93919c6691aa9fb2deb6de5eda5deea916f283686 The package @voiceflow/body-parser was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191189 Malicious code in @antstackio/graphql-body-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ba2f487fb7920801336b5a03e7300f0ed4b0d6bcb39b1b05ba80549347dcdfa The package @antstackio/graphql-body-parser was found to contain malicious code. Source: ghsa-malware...
@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +74 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)
body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...