Expressjs Multer
9 CVEs affecting Expressjs Multer. Latest disclosed: 2026-06-15. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-5079 | High | 7.5 | 2026-06-15 | Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The a… |
CVE-2025-7338 | High | 7.5 | 2025-07-17 | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 a… |
CVE-2025-47944 | High | 7.5 | 2025-05-19 | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 a… |
CVE-2025-47935 | High | 7.5 | 2025-05-19 | Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to… |
CVE-2026-5038 | Medium | 5.3 | 2026-06-15 | Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multip… |
CVE-2026-3520 | | 2026-03-04 | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of S… | |
CVE-2026-3304 | | 2026-02-27 | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of S… | |
CVE-2026-2359 | | 2026-02-27 | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of S… | |
CVE-2025-48997 | | 2025-06-03 | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 a… |