Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40adonisjs/bodyparser@11.0.0-next.9
Type npm
Namespace @adonisjs
Name bodyparser
Version 11.0.0-next.9
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-86dd-yfnr-y3ac
vulnerability_id VCID-86dd-yfnr-y3ac
summary
AdonisJS multipart body parsing has Prototype Pollution issue
A Prototype Pollution vulnerability (CWE-1321) in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts `@adonisjs/bodyparser` through version `10.1.2` and `11.x` prerelease versions prior to `11.0.0-next.8`. This issue has been patched in `@adonisjs/bodyparser` versions `10.1.3` and `11.0.0-next.9`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25754
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04684
published_at 2026-06-05T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04656
published_at 2026-06-07T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04669
published_at 2026-06-06T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05471
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25754
1
reference_url https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:49Z/
url https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed
2
reference_url https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:49Z/
url https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9
3
reference_url https://github.com/adonisjs/core
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/adonisjs/core
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25754
reference_id CVE-2026-25754
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25754
5
reference_url https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c
reference_id GHSA-f5x2-vj4h-vg4c
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:49Z/
url https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c
6
reference_url https://github.com/advisories/GHSA-f5x2-vj4h-vg4c
reference_id GHSA-f5x2-vj4h-vg4c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f5x2-vj4h-vg4c
fixed_packages
0
url pkg:npm/%40adonisjs/bodyparser@10.1.3
purl pkg:npm/%40adonisjs/bodyparser@10.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540adonisjs/bodyparser@10.1.3
1
url pkg:npm/%40adonisjs/bodyparser@11.0.0-next.9
purl pkg:npm/%40adonisjs/bodyparser@11.0.0-next.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540adonisjs/bodyparser@11.0.0-next.9
aliases CVE-2026-25754, GHSA-f5x2-vj4h-vg4c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86dd-yfnr-y3ac
1
url VCID-qj4q-bzvu-zfe4
vulnerability_id VCID-qj4q-bzvu-zfe4
summary
AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
A Denial of Service (DoS) vulnerability (CWE-400) exists in the multipart file handling logic of `@adonisjs/bodyparser`. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessive memory consumption and process termination.

This issue affects applications that accept `multipart/form-data` uploads using affected versions of `@adonisjs/bodyparser`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25762
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.05038
published_at 2026-06-07T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.05046
published_at 2026-06-06T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.05062
published_at 2026-06-05T12:55:00Z
3
value 0.00037
scoring_system epss
scoring_elements 0.11394
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25762
1
reference_url https://github.com/adonisjs/bodyparser/releases/tag/v10.1.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:47Z/
url https://github.com/adonisjs/bodyparser/releases/tag/v10.1.3
2
reference_url https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:47Z/
url https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9
3
reference_url https://github.com/adonisjs/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/adonisjs/core
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25762
reference_id CVE-2026-25762
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25762
5
reference_url https://github.com/adonisjs/core/security/advisories/GHSA-xx9g-fh25-4q64
reference_id GHSA-xx9g-fh25-4q64
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:47Z/
url https://github.com/adonisjs/core/security/advisories/GHSA-xx9g-fh25-4q64
6
reference_url https://github.com/advisories/GHSA-xx9g-fh25-4q64
reference_id GHSA-xx9g-fh25-4q64
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx9g-fh25-4q64
fixed_packages
0
url pkg:npm/%40adonisjs/bodyparser@10.1.3
purl pkg:npm/%40adonisjs/bodyparser@10.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540adonisjs/bodyparser@10.1.3
1
url pkg:npm/%40adonisjs/bodyparser@11.0.0-next.9
purl pkg:npm/%40adonisjs/bodyparser@11.0.0-next.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540adonisjs/bodyparser@11.0.0-next.9
aliases CVE-2026-25762, GHSA-xx9g-fh25-4q64
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qj4q-bzvu-zfe4
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540adonisjs/bodyparser@11.0.0-next.9