npm/qs — 7 CVEs · VulnScope

HIGH7.5CVE-2022-24999qs vulnerable to Prototype Pollution

>= 6.10.0, < 6.10.3

HIGH7.5CVE-2017-1000048Prototype Pollution Protection Bypass in qs

from 0, < 6.0.4

HIGH7.5CVE-2014-10064Denial-of-Service Extended Event Loop Blocking in qs

from 0, < 1.0.0

MEDIUM5.3qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set

>= 6.11.1, < 6.15.2

LOW3.7qs's arrayLimit bypass in comma parsing allows denial of service

>= 6.7.0, < 6.14.2

LOW3.7qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion

from 0, < 6.14.1

—Denial-of-Service Memory Exhaustion in qs

from 0, < 1.0.0

pkg:npm/qs

✅ Check your installed version

All known vulnerabilities