multiparty

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting multipartypage 1 of 1

CVE-2026-8159HIGHCVSS 7.5EG 7.5✓ Fixed in 4.3.0
2026-05-12
multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching …
CVE-2026-8161HIGHCVSS 7.5EG 7.5✓ Fixed in 4.3.0
2026-05-12
multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as __proto__, constru…
CVE-2026-8162HIGHCVSS 7.5EG 7.5✓ Fixed in 4.3.0
2026-05-12
multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename* parameter contains a malformed percent-encoding, the…

Check whether multiparty is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for multiparty CVEs against the assets you own.

Start Free Scan →