expressjs

Top products

The 12 most recently published vulnerabilities affecting expressjs.

• CVE-2026-5038multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads5.3Jun 15, 2026
• CVE-2026-5079multer vulnerable to Denial of Service via deeply nested field names7.5Jun 15, 2026
• CVE-2025-7338Multer vulnerable to Denial of Service via unhandled exception from malformed request7.5Jul 17, 2025
• CVE-2025-47944Multer vulnerable to Denial of Service from maliciously crafted requests7.5May 19, 2025
• CVE-2025-47935Multer vulnerable to Denial of Service via memory leaks from unclosed streams7.5May 19, 2025
• CVE-2024-9266Open Redirect4.7Oct 3, 2024
• CVE-2024-47178basic-auth-connect's callback uses time unsafe string comparison5.3Sep 30, 2024
• CVE-2024-45590body-parser vulnerable to denial of service when url encoding is enabled7.5Sep 10, 2024
• CVE-2024-43800serve-static affected by template injection that can lead to XSS5.0Sep 10, 2024
• CVE-2024-43796express vulnerable to XSS via response.redirect()5.0Sep 10, 2024
• CVE-2024-29041Express.js Open Redirect in malformed URLs6.1Mar 25, 2024
• CVE-2017-16136method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regula...7.5Jun 7, 2018