org.webjars.npm:body-parser (>=1.20.0 <=1.20.3), org.webjars.npm:express (=4.18.1) +1 more potentially affected by CVE-2025-15284 via org.webjars.npm:qs (>=6.10.3 <=6.13.0)

org.webjars.npm:qs MAVEN version =6.10.3, =1.20.0, =8.4.7, =9.0.0-next.2 Source cves: CVE-2025-15284 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14724254...

@1023-ventures/serra-common (>=0.3.31 <=0.3.33), @2bad/bitrix (=2.3.1) +723 more potentially affected by CVE-2022-24999 via qs (>=6.9.0 <=6.9.6)

qs NPM version =6.9.0, =0.3.31, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =14.4.6, =5.0.4, =1.3.1, =0.4.0-next.8, =0.1.7, =0.2.4, =0.1.9, =0.3.0, =0.4.7-alpha.4 and more Source cves: CVE-2022-24999 Source advisory: OSV:GHSA-HRPP-H998-J3PP...

AZL-45075 CVE-2017-1000048 affecting package nodejs-nodemon 2.0.3-5

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash...