Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40adonisjs/bodyparser@9.3.2-5

Type npm

Namespace @adonisjs

Name bodyparser

Version 9.3.2-5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 10.1.3

Latest_non_vulnerable_version 11.0.0-next.9

Affected_by_vulnerabilities

url VCID-7usz-g81t-wygv

vulnerability_id VCID-7usz-g81t-wygv

summary AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessive memory consumption and process termination. This issue has been patched in versions 10.1.3 and 11.0.0-next.9.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25762

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.11549
published_at	2026-06-13T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11519
published_at	2026-06-14T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1148
published_at	2026-06-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11558
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25762

reference_url

https://github.com/adonisjs/core

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/adonisjs/core

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25762

reference_id

CVE-2026-25762

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25762

reference_url

https://github.com/adonisjs/core/security/advisories/GHSA-xx9g-fh25-4q64

reference_id

GHSA-xx9g-fh25-4q64

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:47Z/

url

https://github.com/adonisjs/core/security/advisories/GHSA-xx9g-fh25-4q64

reference_url

https://github.com/advisories/GHSA-xx9g-fh25-4q64

reference_id

GHSA-xx9g-fh25-4q64

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xx9g-fh25-4q64

reference_url

https://github.com/adonisjs/bodyparser/releases/tag/v10.1.3

reference_id

v10.1.3

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:47Z/

url

https://github.com/adonisjs/bodyparser/releases/tag/v10.1.3

reference_url

https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9

reference_id

v11.0.0-next.9

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:47Z/

url

https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9

fixed_packages

url	pkg:npm/%40adonisjs/bodyparser@10.1.3
purl	pkg:npm/%40adonisjs/bodyparser@10.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540adonisjs/bodyparser@10.1.3

url	pkg:npm/%40adonisjs/bodyparser@11.0.0-next.9
purl	pkg:npm/%40adonisjs/bodyparser@11.0.0-next.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540adonisjs/bodyparser@11.0.0-next.9

aliases CVE-2026-25762, GHSA-xx9g-fh25-4q64

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7usz-g81t-wygv

url VCID-qdqw-zc8h-nkep

vulnerability_id VCID-qdqw-zc8h-nkep

summary AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21440

reference_id

reference_type

scores

value	0.00097
scoring_system	epss
scoring_elements	0.26653
published_at	2026-06-11T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29624
published_at	2026-06-14T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29621
published_at	2026-06-12T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29638
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21440

reference_url

https://github.com/adonisjs/core

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/adonisjs/core

reference_url

https://github.com/adonisjs/bodyparser/commit/143a16f35602be8561215611582211dec280cae6

reference_id

143a16f35602be8561215611582211dec280cae6

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-05T20:31:29Z/

url

https://github.com/adonisjs/bodyparser/commit/143a16f35602be8561215611582211dec280cae6

reference_url

https://github.com/adonisjs/bodyparser/commit/6795c0e3fa824ae275bbd992aae60609e96f0f03

reference_id

6795c0e3fa824ae275bbd992aae60609e96f0f03

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-05T20:31:29Z/

url

https://github.com/adonisjs/bodyparser/commit/6795c0e3fa824ae275bbd992aae60609e96f0f03

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-21440

reference_id

CVE-2026-21440

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-21440

reference_url

https://github.com/adonisjs/core/security/advisories/GHSA-gvq6-hvvp-h34h

reference_id

GHSA-gvq6-hvvp-h34h

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-05T20:31:29Z/

url

https://github.com/adonisjs/core/security/advisories/GHSA-gvq6-hvvp-h34h

reference_url

https://github.com/advisories/GHSA-gvq6-hvvp-h34h

reference_id

GHSA-gvq6-hvvp-h34h

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gvq6-hvvp-h34h

reference_url

https://github.com/adonisjs/bodyparser/releases/tag/v10.1.2

reference_id

v10.1.2

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-05T20:31:29Z/

url

https://github.com/adonisjs/bodyparser/releases/tag/v10.1.2

reference_url

https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.6

reference_id

v11.0.0-next.6

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-05T20:31:29Z/

url

https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.6

fixed_packages

url pkg:npm/%40adonisjs/bodyparser@10.1.2

purl pkg:npm/%40adonisjs/bodyparser@10.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7usz-g81t-wygv

vulnerability	VCID-sufk-g6f1-yycg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540adonisjs/bodyparser@10.1.2

url pkg:npm/%40adonisjs/bodyparser@11.0.0-next.6

purl pkg:npm/%40adonisjs/bodyparser@11.0.0-next.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7usz-g81t-wygv

vulnerability	VCID-sufk-g6f1-yycg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540adonisjs/bodyparser@11.0.0-next.6

aliases CVE-2026-21440, GHSA-gvq6-hvvp-h34h

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdqw-zc8h-nkep

url VCID-sufk-g6f1-yycg

vulnerability_id VCID-sufk-g6f1-yycg

summary AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and 11.0.0-next.9.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25754

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.05591
published_at	2026-06-13T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05584
published_at	2026-06-14T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05571
published_at	2026-06-11T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05598
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25754

reference_url

https://github.com/adonisjs/core

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/adonisjs/core

reference_url

https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed

reference_id

40e1c71f958cffb74f6b91bed6630dca979062ed

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:49Z/

url

https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25754

reference_id

CVE-2026-25754

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25754

reference_url

https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c

reference_id

GHSA-f5x2-vj4h-vg4c

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:49Z/

url

https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c

reference_url

https://github.com/advisories/GHSA-f5x2-vj4h-vg4c

reference_id

GHSA-f5x2-vj4h-vg4c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f5x2-vj4h-vg4c

reference_url

https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9

reference_id

v11.0.0-next.9

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:49Z/

url

https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9

fixed_packages

url	pkg:npm/%40adonisjs/bodyparser@10.1.3
purl	pkg:npm/%40adonisjs/bodyparser@10.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540adonisjs/bodyparser@10.1.3

url	pkg:npm/%40adonisjs/bodyparser@11.0.0-next.9
purl	pkg:npm/%40adonisjs/bodyparser@11.0.0-next.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540adonisjs/bodyparser@11.0.0-next.9

aliases CVE-2026-25754, GHSA-f5x2-vj4h-vg4c

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sufk-g6f1-yycg

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540adonisjs/bodyparser@9.3.2-5

Package Instance