VYPR
Vendor

Adonisjs

Products
5
CVEs
5
Across products
6
Status
Private

Products

5

Recent CVEs

5
  • CVE-2026-21440CriJan 2, 2026
    risk 0.53cvss epss 0.01

    AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and…

  • CVE-2026-22814HigJan 13, 2026
    risk 0.46cvss epss 0.00

    @adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the…

  • CVE-2026-40255MedApr 16, 2026
    risk 0.33cvss 6.1epss 0.00

    AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions prior to 7.4.0, the response.redirect().back() method reads the Referer header…

  • CVE-2026-25762Feb 6, 2026
    risk 0.00cvss epss 0.00

    AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded…

  • CVE-2026-25754Feb 6, 2026
    risk 0.00cvss epss 0.00

    AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions…