Browse all 5 CVE security advisories affecting adonisjs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
AdonisJS is a Node.js web framework primarily used for building scalable server-side applications and APIs. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from misconfigurations or input validation flaws. The framework's security features like built-in CSRF protection and encryption help mitigate risks, though developers must remain vigilant about proper implementation. While no major public security incidents have been widely reported, the five documented CVEs highlight areas where careful configuration and regular updates are essential to maintain secure deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40255 | @adonisjs/http-server has an Open Redirect vulnerability (http-server, CWE-601) | 6.1 | Medium | 2026-04-16 |
| CVE-2026-25762 | AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection (core, CWE-400) | 7.5 | High | 2026-02-06 |
| CVE-2026-25754 | AdonisJS multipart body parsing has Prototype Pollution issue (core, CWE-1321) | 7.2 | High | 2026-02-06 |
| CVE-2026-22814 | Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State (lucid, CWE-915) | 7.5 (AI) | High (AI) | 2026-01-13 |
| CVE-2026-21440 | AdonisJS Path Traversal in Multipart File Handling (core, CWE-22) | 7.5 | - | 2026-01-02 |
This page lists every published CVE security advisory associated with adonisjs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.