HIGH7.5CVE-2014-10064Denial-of-Service Extended Event Loop Blocking in qs
from 0, < 2.2.4-1
MEDIUM5.3qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set
from 0
LOW3.7qs's arrayLimit bypass in comma parsing allows denial of service
from 0
LOW3.7qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion