{"url":"http://public2.vulnerablecode.io/api/packages/118982?format=json","purl":"pkg:deb/debian/node-qs@2.2.4-1?distro=trixie","type":"deb","namespace":"debian","name":"node-qs","version":"2.2.4-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"6.10.3+ds+~6.9.7-1","latest_non_vulnerable_version":"6.15.0+ds+~6.15.0-3","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30494?format=json","vulnerability_id":"VCID-yvgs-pcve-fkdf","summary":"Denial-of-Service Memory Exhaustion\nThe qs module has the ability to create sparse arrays during parsing. By specifying a high index it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1380","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1380"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7191.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7191.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7191","reference_id":"","reference_type":"","scores":[{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.72215","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.72189","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.72202","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.72223","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.72217","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.72175","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7191"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7191","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7191"},{"reference_url":"http://secunia.com/advisories/60026","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60026"},{"reference_url":"http://secunia.com/advisories/62170","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/62170"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/96729","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/96729"},{"reference_url":"https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8"},{"reference_url":"https://github.com/visionmedia/node-querystring","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/visionmedia/node-querystring"},{"reference_url":"https://github.com/visionmedia/node-querystring/issues/104","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/visionmedia/node-querystring/issues/104"},{"reference_url":"https://nodesecurity.io/advisories/qs_dos_memory_exhaustion","reference_id":"","reference_type":"","scores":[],"url":"https://nodesecurity.io/advisories/qs_dos_memory_exhaustion"},{"reference_url":"https://www.npmjs.com/advisories/29","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/29"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685987","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685987"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687263","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687263"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687928","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687928"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1146054","reference_id":"1146054","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1146054"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/29.json","reference_id":"29","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/29.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7191","reference_id":"CVE-2014-7191","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7191"},{"reference_url":"https://github.com/advisories/GHSA-jjv7-qpx3-h62q","reference_id":"GHSA-jjv7-qpx3-h62q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjv7-qpx3-h62q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/118982?format=json","purl":"pkg:deb/debian/node-qs@2.2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-qs@2.2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/118983?format=json","purl":"pkg:deb/debian/node-qs@6.9.4%2Bds-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qa84-fqrn-4ugw"},{"vulnerability":"VCID-wfej-e227-j3ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-qs@6.9.4%252Bds-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/118981?format=json","purl":"pkg:deb/debian/node-qs@6.11.0%2Bds%2B~6.9.7-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qa84-fqrn-4ugw"},{"vulnerability":"VCID-wfej-e227-j3ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-qs@6.11.0%252Bds%252B~6.9.7-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/118985?format=json","purl":"pkg:deb/debian/node-qs@6.13.0%2Bds%2B~6.9.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qa84-fqrn-4ugw"},{"vulnerability":"VCID-wfej-e227-j3ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-qs@6.13.0%252Bds%252B~6.9.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/118984?format=json","purl":"pkg:deb/debian/node-qs@6.15.0%2Bds%2B~6.15.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-qs@6.15.0%252Bds%252B~6.15.0-3%3Fdistro=trixie"}],"aliases":["CVE-2014-7191","GHSA-jjv7-qpx3-h62q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvgs-pcve-fkdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40279?format=json","vulnerability_id":"VCID-z1cj-85dn-8ka1","summary":"Denial-of-Service Extended Event Loop Blocking in qs\nThe qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-10064","reference_id":"","reference_type":"","scores":[{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68749","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68753","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68733","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68709","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68757","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-10064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10064"},{"reference_url":"https://nodesecurity.io/advisories/28","reference_id":"","reference_type":"","scores":[],"url":"https://nodesecurity.io/advisories/28"},{"reference_url":"https://www.npmjs.com/advisories/28","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/28"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-10064","reference_id":"CVE-2014-10064","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-10064"},{"reference_url":"https://github.com/advisories/GHSA-f9cm-p3w6-xvr3","reference_id":"GHSA-f9cm-p3w6-xvr3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f9cm-p3w6-xvr3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/118982?format=json","purl":"pkg:deb/debian/node-qs@2.2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-qs@2.2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/118983?format=json","purl":"pkg:deb/debian/node-qs@6.9.4%2Bds-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qa84-fqrn-4ugw"},{"vulnerability":"VCID-wfej-e227-j3ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-qs@6.9.4%252Bds-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/118981?format=json","purl":"pkg:deb/debian/node-qs@6.11.0%2Bds%2B~6.9.7-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qa84-fqrn-4ugw"},{"vulnerability":"VCID-wfej-e227-j3ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-qs@6.11.0%252Bds%252B~6.9.7-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/118985?format=json","purl":"pkg:deb/debian/node-qs@6.13.0%2Bds%2B~6.9.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qa84-fqrn-4ugw"},{"vulnerability":"VCID-wfej-e227-j3ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-qs@6.13.0%252Bds%252B~6.9.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/118984?format=json","purl":"pkg:deb/debian/node-qs@6.15.0%2Bds%2B~6.15.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-qs@6.15.0%252Bds%252B~6.15.0-3%3Fdistro=trixie"}],"aliases":["CVE-2014-10064","GHSA-f9cm-p3w6-xvr3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z1cj-85dn-8ka1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-qs@2.2.4-1%3Fdistro=trixie"}