multer — CVE history (npm)

multer

9 CVEs affect the multer npm package (highest CVSS 7.5). Latest disclosed: 2026-06-15. Full CVE history sourced from NVD.

Summary

Package
multer (npm)
Total CVEs
9
Actively exploited (CISA KEV)
0
Highest CVSS
7.5
Latest disclosed
2026-06-15

Recent CVEs (top 9)

CVESeverityCVSSKEVPublishedSummary
CVE-2026-5038Medium5.32026-06-15Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage.
CVE-2026-5079High7.52026-06-15Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data.
CVE-2026-3520High7.52026-03-04Multer is a node.js middleware for handling `multipart/form-data`.
CVE-2026-3304High7.52026-02-27Multer is a node.js middleware for handling `multipart/form-data`.
CVE-2026-2359High7.52026-02-27Multer is a node.js middleware for handling `multipart/form-data`.
CVE-2025-7338High7.52025-07-17Multer is a node.js middleware for handling `multipart/form-data`.
CVE-2025-489972025-06-03Multer is a node.js middleware for handling `multipart/form-data`.
CVE-2025-47944High7.52025-05-19Multer is a node.js middleware for handling `multipart/form-data`.
CVE-2025-47935High7.52025-05-19Multer is a node.js middleware for handling `multipart/form-data`.

All-time worst (top 8 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2026-5079High7.52026-06-15Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data.
CVE-2026-3520High7.52026-03-04Multer is a node.js middleware for handling `multipart/form-data`.
CVE-2026-3304High7.52026-02-27Multer is a node.js middleware for handling `multipart/form-data`.
CVE-2026-2359High7.52026-02-27Multer is a node.js middleware for handling `multipart/form-data`.
CVE-2025-7338High7.52025-07-17Multer is a node.js middleware for handling `multipart/form-data`.
CVE-2025-47944High7.52025-05-19Multer is a node.js middleware for handling `multipart/form-data`.
CVE-2025-47935High7.52025-05-19Multer is a node.js middleware for handling `multipart/form-data`.
CVE-2026-5038Medium5.32026-06-15Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage.