Software catalogue for Express.js

basic-auth-connect body-parser CORS Express Helmet

morgan multer serve-static

Latest security bulletins

Secuity bulletin	Severity	Status	Published
SB2025120158: Prototype pollution in Express.js	Medium	Patched	01.12.2025
SB2025112551: Denial of service in body-parser	Medium	Patched	25.11.2025
SB2025072557: Uncaught exception in Multer	Medium	Patched	25.07.2025
SB2025071811: Denial of service in multer	Medium	Patched	18.07.2025
SB2025061251: Uncaught exception in expressjs multer	Medium	Patched	12.06.2025
SB2025061250: Memory leak in expressjs multer	High	Patched	12.06.2025
SB2024121312: Information exposure through timing discrepancy in expressjs basic-auth-connect	Medium	Patched	13.12.2024
SB2024100821: Cross-site scripting in expressjs serve-static	Medium	Patched	08.10.2024
SB2024091250: XSS in Express.js framework	Medium	Patched	12.09.2024
SB2024091249: Remote denial of service in Express.js body-parser	Medium	Patched Public exploit	12.09.2024