Adonisjs Core vulnerabilities
4 known vulnerabilities affecting adonisjs/core.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 2, MEDIUM: 1
Vulnerabilities
CVE-2026-21440 | P2 | CRITICAL | CVSS 9.2 | CWE-22 | fixed in 10.1.2 | versions >= 11.0.0-next.0, < 11.0.0-next.6 | 2026-01-02
AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patch
nvd
CVE-2026-25754 | P3 | HIGH | CVSS 7.2 | CWE-1321 | fixed in 10.1.3 | fixed in 11.0.0-next.9 | 2026-02-06
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and 11.0.0-next.9.
nvd
CVE-2026-25762 | P3 | HIGH | CVSS 7.5 | CWE-400 | fixed in 10.1.3 | fixed in 11.0.0-next.9 | 2026-02-06
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially
nvd
CVE-2026-40255 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | versions ≤ 7.3.0 | 2026-04-16
AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions prior to 7.4.0, the response.redirect().back() method reads the Referer header from the incoming HTTP request and redirects to that URL without validating
ghsa, nvd