VYPR

Qs

by Ljharb

npm: qs

Source repositories

CVEs (2)

  • CVE-2026-8723MedMay 17, 2026
    risk 0.27cvss 5.3epss 0.00

    ### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not handled by any of qs's null-related options (`skipNulls`, `strictNullHandling`). …

  • CVE-2025-15284Dec 29, 2025
    risk 0.00cvss epss 0.00

    Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug;…