VulnerableCode Package Details - pkg:deb/debian/node-qs@2.2.4-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-5aq9-t9ja-kbat	Denial-of-Service Memory Exhaustion in qs The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.	CVE-2014-7191 GHSA-jjv7-qpx3-h62q
VCID-hau3-t73v-a7dv	Denial-of-Service Extended Event Loop Blocking in qs The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring.	CVE-2014-10064 GHSA-f9cm-p3w6-xvr3

Vulnerability

Summary

Aliases

VCID-5aq9-t9ja-kbat

Denial-of-Service Memory Exhaustion in qs The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.

CVE-2014-7191
GHSA-jjv7-qpx3-h62q

VCID-hau3-t73v-a7dv

Denial-of-Service Extended Event Loop Blocking in qs The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring.

CVE-2014-10064
GHSA-f9cm-p3w6-xvr3

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:35:40.785607+00:00	Debian Importer	Fixing	VCID-5aq9-t9ja-kbat	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:14:26.935746+00:00	Debian Importer	Fixing	VCID-hau3-t73v-a7dv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-11T18:23:23.893944+00:00	Debian Importer	Fixing	VCID-5aq9-t9ja-kbat	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:10:47.560909+00:00	Debian Importer	Fixing	VCID-hau3-t73v-a7dv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:47:14.414907+00:00	Debian Importer	Fixing	VCID-5aq9-t9ja-kbat	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:47:14.370404+00:00	Debian Importer	Fixing	VCID-hau3-t73v-a7dv	https://security-tracker.debian.org/tracker/data/json	38.1.0