Bodyparser

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-25762 HIGH PATCH This Week

Memory exhaustion in AdonisJS @adonisjs/bodyparser prior to versions 10.1.3 and 11.0.0-next.9 allows unauthenticated remote attackers to trigger denial of service by uploading files that cause unbounded memory accumulation during multipart parsing. The vulnerable multipart handler fails to enforce memory limits while processing file type detection, enabling attackers to exhaust server resources and crash the application. No patch is currently available for affected installations.

Denial Of Service Bodyparser
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25754 HIGH PATCH This Week

AdonisJS is a TypeScript-first web framework. versions up to 10.1.3 is affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 7.2).

Prototype Pollution Information Disclosure Bodyparser
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-25762
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory exhaustion in AdonisJS @adonisjs/bodyparser prior to versions 10.1.3 and 11.0.0-next.9 allows unauthenticated remote attackers to trigger denial of service by uploading files that cause unbounded memory accumulation during multipart parsing. The vulnerable multipart handler fails to enforce memory limits while processing file type detection, enabling attackers to exhaust server resources and crash the application. No patch is currently available for affected installations.

Denial Of Service Bodyparser
NVD GitHub VulDB
CVE-2026-25754
EPSS 0% CVSS 7.2
HIGH PATCH This Week

AdonisJS is a TypeScript-first web framework. versions up to 10.1.3 is affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 7.2).

Prototype Pollution Information Disclosure Bodyparser
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy