CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

OSV•added 2026/05/17 12:16 a.m.•1 views

DEBIAN-CVE-2026-8723

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS5.9AI score0.00044EPSS

Exploits0References1

CNNVD•added 2026/05/17 12:0 a.m.•6 views

qs 代码问题漏洞

QS is a JavaScript library developed by Jordan Harband. Versions of QS from 6.11.1 to 6.15.2 had code vulnerabilities. This vulnerability occurred when calling qs.stringify on an array containing null or undefined, with arrayFormat set to comma and encodeValuesOnly set to true. This resulted in a...

6.3CVSS5.9AI score0.00044EPSS

Exploits0References1

CNNVD•added 2026/02/12 12:0 a.m.•3 views

qs 安全漏洞

QS is a JavaScript library developed by Jordan Harband. QS has a security vulnerability, which stems from the arrayLimit option not enforcing restrictions on comma-separated values when the comma option is enabled. This could lead to a memory-exploiting denial-of-service attack...

7.5CVSS7.1AI score0.0005EPSS

Exploits1References2

CNNVD•added 2025/05/02 12:0 a.m.•1 views

obfstr 安全漏洞

obfstr is a Rust compile-time string library from the Casper personal developer. A security vulnerability exists in obfstr versions prior to 0.4.4, which stems from not restricting the obfstr parameter type to string slices, which may result in invalid UTF-8 conversions...

2.9CVSS6.5AI score0.00086EPSS

Exploits0References2

CNNVD•added 2025/02/05 12:0 a.m.•1 views

dot-querystring 安全漏洞

dot-querystring is a dot notation library for node query strings by the individual developer Naoya Tsutsumi. A security vulnerability exists in dot-querystring version v0.2.0, which stems from the lib.parse function containing a prototype contamination vulnerability...

7.5CVSS6.8AI score0.00191EPSS

Exploits0References1

Positive Technologies•added 2025/01/01 12:0 a.m.•2 views

PT-2025-53805

Name of the Vulnerable Software and Affected Versions qs versions prior to 6.14.1 Description A flaw exists in the qs parse modules library where the arrayLimit option does not properly enforce limits when using bracket notation in query strings, leading to a potential HTTP Denial of Service DoS...

7.8CVSS6.8AI score0.0004EPSS

Exploits1References22

OSV•added 2024/08/22 7:45 p.m.•20 views

BIT-VALKEY-2021-41099 Integer overflow issue with strings in Redis

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...

7.5CVSS8.3AI score0.00403EPSS

Exploits0References10

Snyk•added 2023/01/17 9:30 p.m.•1 views

Regular Expression Denial of Service (ReDoS)

Overview sisimai is a Ruby library for analyzing RFC5322 bounce emails and generating structured data from parsed results. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expressions in the function toplain of the...

7.5CVSS6.8AI score0.00322EPSS

Exploits1References2

vulnersOsv•added 2022/11/27 12:30 a.m.•0 views

01-numacert (>=1.0.0 <=3.0.0), 10by10-react-app (=1.2.1) +3835 more potentially affected by CVE-2022-24999 via qs (>=6.5.0 <=6.5.2)

qs NPM version =6.5.0, =1.0.0, =0.2.0, =0.1.0, =1.0.0, =1.0.3, =0.0.1-bate.30, =0.0.1, =0.0.1, =1.0.0, =12.1.0, =6.0.0, =7.12.0 and more Source cves: CVE-2022-24999 Source advisory: OSV:GHSA-HRPP-H998-J3PP...

7.5CVSS7.1AI score0.01543EPSS

Exploits2