Qs_project Qs

5 CVEs affecting Qs_project Qs. Latest disclosed: 2026-02-12. Critical: 0, High: 3.

Top CVEs affecting Qs_project Qs
CVESeverityScorePublishedSummary
CVE-2022-24999High7.52022-11-26qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ p…
CVE-2014-10064High7.52018-05-31The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will bl…
CVE-2017-1000048High7.52017-07-17the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to ca…
CVE-2026-2391Low3.72026-02-12### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-…
CVE-2025-15284Low3.72025-12-29Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. Summary The arrayLimit option in qs did not e…