multer — CVE history (npm)
multer
9 CVEs affect the multer npm package (highest CVSS 7.5). Latest disclosed: 2026-06-15. Full CVE history sourced from NVD.
Summary
- Package
multer(npm)- Total CVEs
9- Actively exploited (CISA KEV)
- 0
- Highest CVSS
7.5- Latest disclosed
- 2026-06-15
Recent CVEs (top 9)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-5038 | Medium | 5.3 | — | 2026-06-15 | Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. |
CVE-2026-5079 | High | 7.5 | — | 2026-06-15 | Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. |
CVE-2026-3520 | High | 7.5 | — | 2026-03-04 | Multer is a node.js middleware for handling `multipart/form-data`. |
CVE-2026-3304 | High | 7.5 | — | 2026-02-27 | Multer is a node.js middleware for handling `multipart/form-data`. |
CVE-2026-2359 | High | 7.5 | — | 2026-02-27 | Multer is a node.js middleware for handling `multipart/form-data`. |
CVE-2025-7338 | High | 7.5 | — | 2025-07-17 | Multer is a node.js middleware for handling `multipart/form-data`. |
CVE-2025-48997 | — | — | — | 2025-06-03 | Multer is a node.js middleware for handling `multipart/form-data`. |
CVE-2025-47944 | High | 7.5 | — | 2025-05-19 | Multer is a node.js middleware for handling `multipart/form-data`. |
CVE-2025-47935 | High | 7.5 | — | 2025-05-19 | Multer is a node.js middleware for handling `multipart/form-data`. |
All-time worst (top 8 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-5079 | High | 7.5 | — | 2026-06-15 | Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. |
CVE-2026-3520 | High | 7.5 | — | 2026-03-04 | Multer is a node.js middleware for handling `multipart/form-data`. |
CVE-2026-3304 | High | 7.5 | — | 2026-02-27 | Multer is a node.js middleware for handling `multipart/form-data`. |
CVE-2026-2359 | High | 7.5 | — | 2026-02-27 | Multer is a node.js middleware for handling `multipart/form-data`. |
CVE-2025-7338 | High | 7.5 | — | 2025-07-17 | Multer is a node.js middleware for handling `multipart/form-data`. |
CVE-2025-47944 | High | 7.5 | — | 2025-05-19 | Multer is a node.js middleware for handling `multipart/form-data`. |
CVE-2025-47935 | High | 7.5 | — | 2025-05-19 | Multer is a node.js middleware for handling `multipart/form-data`. |
CVE-2026-5038 | Medium | 5.3 | — | 2026-06-15 | Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. |