VYPR

Multer

by Expressjs

npm: multer

Source repositories

CVEs (9)

  • CVE-2025-48997HigJun 3, 2025
    risk 0.50cvss epss 0.00

    Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field…

  • CVE-2026-5079HigJun 15, 2026
    risk 0.42cvss 7.5epss 0.00

    Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to…

  • CVE-2025-7338HigJul 17, 2025
    risk 0.42cvss 7.5epss 0.01

    Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request…

  • CVE-2025-47944HigMay 19, 2025
    risk 0.42cvss 7.5epss 0.01

    Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request…

  • CVE-2025-47935HigMay 19, 2025
    risk 0.42cvss 7.5epss 0.01

    Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed,…

  • CVE-2026-5038MedJun 15, 2026
    risk 0.27cvss 5.3epss 0.00

    Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe() call does not propagate the stream destroy…

  • CVE-2026-3520Mar 4, 2026
    risk 0.00cvss epss 0.01

    Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to…

  • CVE-2026-3304Feb 27, 2026
    risk 0.00cvss epss 0.01

    Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version…

  • CVE-2026-2359Feb 27, 2026
    risk 0.00cvss epss 0.01

    Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to…