{"package":"@adonisjs/bodyparser","ecosystem":"npm","latest_version":"11.0.1","description":"BodyParser middleware for AdonisJS http server to read and parse request body","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/adonisjs/bodyparser#readme","repository":"https://github.com/adonisjs/bodyparser","downloads_weekly":102953,"health":{"score":63,"risk":"moderate","breakdown":{"maintenance":25,"popularity":14,"security":5,"maturity":15,"community":4},"deprecated":false,"max_score":100},"vulnerabilities":{"count":3,"critical":1,"high":2,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2026-25754","severity":"high","summary":"AdonisJS multipart body parsing has Prototype Pollution issue","affected_versions":"<10.1.3|>=11.0.0-next.0,<11.0.0-next.9","fixed_version":"11.0.0-next.9","source":"osv","published_at":"2026-02-06T19:27:30Z","in_kev":false,"epss_prob":0.00018,"epss_percentile":0.04539,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-21440","severity":"critical","summary":"AdonisJS Path Traversal in Multipart File Handling","affected_versions":"<10.1.2|>=11.0.0-next.0,<11.0.0-next.6","fixed_version":"11.0.0-next.6","source":"osv","published_at":"2026-01-02T18:58:32Z","in_kev":false,"epss_prob":0.0011,"epss_percentile":0.28918,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-25762","severity":"high","summary":"AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection","affected_versions":"<10.1.3|>=11.0.0-next.0,<11.0.0-next.9","fixed_version":"11.0.0-next.9","source":"osv","published_at":"2026-02-06T19:53:55Z","in_kev":false,"epss_prob":0.00018,"epss_percentile":0.04909,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"11.0.1","total_count":139,"recent":["10.0.1","10.0.2","10.0.3","10.1.0","11.0.0-next.0","11.0.0-next.1","11.0.0-next.2","10.1.1","11.0.0-next.3","11.0.0-next.4","11.0.0-next.5","10.1.2","11.0.0-next.6","11.0.0-next.7","11.0.0-next.8","11.0.0-next.9","10.1.3","10.1.4","11.0.0","11.0.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":3,"first_published":"2017-06-22T07:40:08.931Z","last_published":"2026-04-04T23:23:16.068Z","dependencies_count":9,"dependencies":["@poppinss/macroable","@poppinss/middleware","@poppinss/multiparty","@poppinss/qs","@poppinss/utils","file-type","inflation","media-typer","raw-body"]},"github_stats":null,"bundle":null,"typescript":{"score":0,"has_types":false,"types_source":null,"types_package":null},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["2 high severity vulnerabilities","1 critical vulnerabilities"],"use_version":"11.0.1","version_hint":"Update to >= 11.0.0-next.9 to fix known vulnerabilities","summary":"@adonisjs/bodyparser has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":1230,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":3235,"last_release_days_ago":26,"avg_days_between_releases":170,"release_velocity":"active"}}