Medium severityGHSA Advisory· Published Nov 24, 2025· Updated Apr 15, 2026
CVE-2025-13466
CVE-2025-13466
Description
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This can lead to service slowdown or partial outages under sustained malicious traffic. This issue is addressed in version 2.2.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
body-parsernpm | >= 2.2.0, < 2.2.1 | 2.2.1 |
Affected products
74- Range: >= 2.2.0, < 2.2.1
- osv-coords73 versionspkg:apk/chainguard/code-serverpkg:apk/chainguard/code-server-compatpkg:apk/chainguard/kibana-9.2pkg:apk/chainguard/kibana-9.2-iamguardedpkg:apk/chainguard/langfusepkg:apk/chainguard/langfuse-compatpkg:apk/chainguard/langfuse-workerpkg:apk/chainguard/librechatpkg:apk/chainguard/librechat-compatpkg:apk/chainguard/librechat-devpkg:apk/chainguard/opensearch-dashboards-2pkg:apk/chainguard/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-compatpkg:apk/chainguard/opensearch-dashboards-2-configpkg:apk/chainguard/opensearch-dashboards-2-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fipspkg:apk/chainguard/opensearch-dashboards-2-fips-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-configpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fips-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-fips-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-security-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-security-dashboards-pluginpkg:apk/chainguard/redisinsightpkg:apk/chainguard/redisinsight-docker-entrypointpkg:apk/chainguard/safpkg:apk/chainguard/tileserver-glpkg:apk/chainguard/tileserver-gl-compatpkg:apk/chainguard/tileserver-gl-fipspkg:apk/chainguard/tileserver-gl-fips-compatpkg:apk/wolfi/code-serverpkg:apk/wolfi/code-server-compatpkg:apk/wolfi/langfusepkg:apk/wolfi/langfuse-compatpkg:apk/wolfi/langfuse-workerpkg:apk/wolfi/opensearch-dashboards-2pkg:apk/wolfi/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-compatpkg:apk/wolfi/opensearch-dashboards-2-configpkg:apk/wolfi/opensearch-dashboards-2-dashboards-mapspkg:apk/wolfi/opensearch-dashboards-2-dashboards-notificationspkg:apk/wolfi/opensearch-dashboards-2-dashboards-observabilitypkg:apk/wolfi/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/wolfi/opensearch-dashboards-2-dashboards-reportingpkg:apk/wolfi/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/wolfi/opensearch-dashboards-2-dashboards-visualizationspkg:apk/wolfi/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/wolfi/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-security-dashboards-pluginpkg:apk/wolfi/safpkg:apk/wolfi/tileserver-glpkg:apk/wolfi/tileserver-gl-compatpkg:npm/body-parser
< 4.106.2-r1+ 72 more
- (no CPE)range: < 4.106.2-r1
- (no CPE)range: < 4.106.2-r1
- (no CPE)range: < 9.2.1-r2
- (no CPE)range: < 9.2.1-r2
- (no CPE)range: < 3.134.0-r1
- (no CPE)range: < 3.134.0-r1
- (no CPE)range: < 3.134.0-r1
- (no CPE)range: < 0.8.1-r0
- (no CPE)range: < 0.8.0-r4
- (no CPE)range: < 0.8.0-r4
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.70.1-r5
- (no CPE)range: < 2.70.1-r5
- (no CPE)range: < 1.5.2-r0
- (no CPE)range: < 5.4.0-r5
- (no CPE)range: < 5.4.0-r5
- (no CPE)range: < 5.4.0-r5
- (no CPE)range: < 5.4.0-r5
- (no CPE)range: < 4.106.2-r1
- (no CPE)range: < 4.106.2-r1
- (no CPE)range: < 3.134.0-r1
- (no CPE)range: < 3.134.0-r1
- (no CPE)range: < 3.134.0-r1
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 2.19.4-r2
- (no CPE)range: < 1.5.2-r0
- (no CPE)range: < 5.4.0-r5
- (no CPE)range: < 5.4.0-r5
- (no CPE)range: >= 2.2.0, < 2.2.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-wqch-xfxh-vrr4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-13466ghsaADVISORY
- github.com/expressjs/body-parser/commit/b204886a6744b0b6d297cd0e849d75de836f3b63ghsaWEB
- github.com/expressjs/body-parser/releases/tag/v2.2.1ghsaWEB
- github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4nvdWEB
News mentions
0No linked articles in our index yet.