`multer`

Ecosystem:
npm

Package URL:
pkg:npm/multer

Total PRs:
7,033 Dependabot PRs

Latest PR:
1 day ago

Unique Repositories:
4,449 repositories

Unique Repos (30 days):
38 repositories

Security Advisories

Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads

GHSA-3p4h-7m6x-2hcm CVE-2026-5038 MODERATE published 1 day ago • updated 1 day ago

### Impact A vulnerability in Multer allows an attacker to trigger a Denial of Service (DoS) by aborting or sending malformed multipart uploads, c...

Multer vulnerable to Denial of Service via deeply nested field names

GHSA-72gw-mp4g-v24j CVE-2026-5079 HIGH published 1 day ago • updated 1 day ago

### Impact Multer is vulnerable to a Denial of Service (DoS) via deeply nested field names in multipart form data. The `append-field` dependency p...

View all 9 advisories

Recent PRs

RSS Feed

chore(deps): bump the production-dependencies group with 26 updates

Esiana-ttrpg/esiana-core #85

2.1.1 → 2.2.0 Minor PR

Open 1 day ago 1 comment

deps: bump multer from 2.0.2 to 2.2.0

FireFistisDead/pdf-qa-bot #559

2.0.2 → 2.2.0 Minor PR

Open 2 days ago 1 comment

Bump the minor group across 1 directory with 10 updates

ministryofjustice/hmpps-manage-people-on-probation-ui #1608

2.1.1 → 2.2.0 Minor PR

Closed 2 days ago 1 comment

build(deps): bump the minor-and-patch group across 1 directory with 3 updates

wrya77/Diqqat-Qalam #6

2.1.1 → 2.2.0 Minor PR

Closed 2 days ago 2 comments

chore(deps): bump multer from 2.1.1 to 2.2.0

Manuel1234477/Stellar-Micro-Donation-API #1106

2.1.1 → 2.2.0 Minor PR

Open 2 days ago 1 comment

Bump the backend-production group in /backend with 4 updates

Caretip/CareTip #4

2.1.1 → 2.2.0 Minor PR

Open 3 days ago 2 comments

Bump the npm_and_yarn group across 1 directory with 17 updates

patelarthAI/New-Arthformat #2

2.0.2 → 2.1.1 Minor PR

Open 6 days ago 1 comment

chore(deps): bump the minor-and-patch group with 42 updates

shilojeyaraj/Brain-Battle #8

2.0.2 → 2.1.1 Minor PR

Open 6 days ago 2 comments

chore(deps): bump multer from 1.4.5-lts.2 to 2.1.1 in /backend

anurag3407/career-pilot #3437

1.4.5-lts.2 → 2.1.1 Major PR

Open 9 days ago 4 comments

chore(deps): bump the npm_and_yarn group across 4 directories with 13 updates

ashark-ai-05/paperclip #4

2.0.2 → 2.1.1 Minor PR

Closed 10 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 4 directories with 13 updates

Heavy02011/paperclip #5

2.0.2 → 2.1.1 Minor PR

Closed 10 days ago 1 comment

deps(deps): bump the major group with 56 updates

mo0om/juice-shop #37

1.4.5-lts.2 → 2.1.1 Major PR

Closed 10 days ago 3 comments

chore(deps): bump the npm_and_yarn group across 4 directories with 8 updates

dculussoftwares/dculus-forms #52

2.0.2 → 2.1.1 Minor PR

Closed 16 days ago 2 comments

chore(deps): bump multer from 1.4.5-lts.2 to 2.1.1 in /server

donovan-hue/scriptdrop #2

1.4.5-lts.2 → 2.1.1 Major PR

Open 17 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 7 directories with 3 updates

Kaairofelipe/open-design #2

1.4.5-lts.2 → 2.1.1 Major PR

Closed 17 days ago 1 comment

deps(deps): bump the minor-and-patch group across 1 directory with 51 updates

chenjeraimunyaradzi05-art/Nexta #58

2.0.2 → 2.1.1 Minor PR

Closed 18 days ago 3 comments

Bump the npm_and_yarn group across 1 directory with 15 updates

JulianiusM/Surveyor #74

2.0.2 → 2.1.1 Minor PR

Open 19 days ago 1 comment

chore(deps): bump the dependencies group with 78 updates

Angelqg01/bez-digital-ecosystem #27

2.0.2 → 2.1.1 Minor PR

Open 22 days ago 2 comments

chore(deps): bump the patch-updates group across 1 directory with 77 updates

dculussoftwares/dculus-forms #48

2.0.2 → 2.1.1 Minor PR

Closed 22 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates

rushikesh-bobade/empay-hrms #69

1.4.5-lts.2 → 2.1.1 Major PR

Open 22 days ago 2 comments

Bump multer from 1.4.2 to 2.1.1

svbgabriel/gobarber-backend #26

1.4.2 → 2.1.1 Major PR

Closed 24 days ago 1 comment

build(deps): bump the all group in /api with 17 updates

gsaraiva2109/VinylVault #94

1.4.5-lts.2 → 2.1.1 Major PR

Open 24 days ago 2 comments

chore(deps): bump multer from 1.4.4 to 2.1.1

webtorrent/webtorrent.io #305

1.4.4 → 2.1.1 Major PR

Open 24 days ago 1 comment

Bump the patch-and-minor group across 1 directory with 8 updates

Peacanduck/solignition #12

2.0.2 → 2.1.1 Minor PR

Open 25 days ago 2 comments

chore(server): Bump the media group in /server with 2 updates

Elmanosound/familyapp #73

1.4.5-lts.2 → 2.1.1 Major PR

Open 25 days ago 1 comment

chore(deps): bump the server-deps group across 1 directory with 14 updates

Builder106/MedCore #9

1.4.5-lts.2 → 2.1.1 Major PR

Open 25 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 45 directories with 6 updates

JovannyCO/nodejs-docs-samples #22

1.4.4 → 2.1.1 Major PR

Closed 25 days ago 1 comment

Bump multer and @types/multer

aswer18400/QXwap #218

1.4.5-lts.2 → 2.1.1 Major PR

Open 25 days ago 4 comments

Bump the production-dependencies group across 1 directory with 21 updates

abishkar123/Resume-optimization-api #23

1.4.5-lts.2 → 2.1.1 Major PR

Open 25 days ago 1 comment

chore(deps): Bump the npm_and_yarn group across 1 directory with 7 updates

ry-ops/ATSFlow #16

2.0.2 → 2.1.1 Minor PR

Closed 26 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 31 directories with 6 updates

JovannyCO/nodejs-docs-samples #18

1.4.4 → 2.1.1 Major PR

Closed 27 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 14 directories with 6 updates

JovannyCO/nodejs-docs-samples #15

1.4.4 → 2.1.1 Major PR

Closed 27 days ago 1 comment

Bump the npm_and_yarn group across 2 directories with 21 updates

rorymclaughlin432/admin-dashboard-charts #2

2.0.2 → 2.1.1 Minor PR

Open 27 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 2 directories with 15 updates

infrareactive/Orus-Builder-FullStack #12

2.0.2 → 2.1.1 Minor PR

Closed 27 days ago 1 comment

Bump multer from 1.4.5-lts.2 to 2.1.1 in the npm_and_yarn group across 1 directory

GlacierEQ/stagehand #13

1.4.5-lts.2 → 2.1.1 Major PR

Open 27 days ago 2 comments

Bump the npm_and_yarn group across 3 directories with 3 updates

SamaelxLunafreya/selenium #22

1.4.5-lts.2 → 2.1.1 Major PR

Open 27 days ago 1 comment

chore(deps): bump multer from 1.4.5-lts.2 to 2.1.1 in /server in the npm_and_yarn group across 1 directory

printwithsynergy/lens-pdf #12

1.4.5-lts.2 → 2.1.1 Major PR

Open 27 days ago 3 comments

Bump the npm_and_yarn group across 2 directories with 1 update

IAM-Nitesh/Shaadi_Mantrana #46

1.4.5-lts.1 → 2.1.1 Major PR

Open 27 days ago 1 comment

Bump the npm_and_yarn group across 1 directory with 25 updates

fujimakis-sss/juice-shop #4

1.4.5-lts.2 → 2.1.1 Major PR

Closed 28 days ago 1 comment

chore(deps): bump the patch-updates group with 44 updates

dculussoftwares/dculus-forms #21

2.0.2 → 2.1.1 Minor PR

Closed 29 days ago 1 comment

Bump the npm_and_yarn group across 5 directories with 18 updates

c6ai/caliper #27

1.4.4 → 2.1.1 Major PR

Closed 30 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 14 directories with 14 updates

Klomgor/medusa #623

2.0.2 → 2.1.1 Minor PR

Closed about 1 month ago 4 comments

chore(deps): Bump the minor-and-patch group across 1 directory with 6 updates

kshartman/media-management-system #49

2.1.0 → 2.1.1 Patch PR

Open about 1 month ago 1 comment

Bump multer from 1.4.5-lts.2 to 2.1.1 in /admin

AdamNolle/terminal-eighty-blog #9

1.4.5-lts.2 → 2.1.1 Major PR

Open about 1 month ago 1 comment

chore(deps): bump the npm_and_yarn group across 2 directories with 15 updates

infrareactive/Orus-Builder-FullStack #11

2.0.2 → 2.1.1 Minor PR

Closed about 1 month ago 1 comment

deps(deps): bump the utilities group with 3 updates

NicholasEmery/newsly-portal-backend #3

2.0.2 → 2.1.1 Minor PR

Open about 1 month ago 1 comment

build(deps): bump multer from 1.4.5-lts.2 to 2.1.1 in /packages/maestro-proxy

SashalmiImre/Maestro_Plugin #16

1.4.5-lts.2 → 2.1.1 Major PR

Open about 1 month ago 1 comment

chore(deps): bump multer from 2.0.2 to 2.1.1

KainNhantumbo/ecommerce-app-server #39

2.0.2 → 2.1.1 Minor PR

Closed about 1 month ago 1 comment

Bump the npm_and_yarn group across 1 directory with 18 updates

GlacierEQ/stagehand #12

1.4.5-lts.2 → 2.1.1 Major PR

Open about 1 month ago 2 comments

chore(deps-dev): bump the dev-dependencies group across 1 directory with 10 updates

Contra-Collective/ingenium #26

1.4.5-lts.2 → 2.1.1 Major PR

Closed about 1 month ago 1 comment

Package Details

Name:	`multer`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/multer`
JSON API:	View JSON

Security Advisories

9

Active advisories

HIGH 8

MODERATE 1

View All npm Advisories

Package Information

Description:

Middleware for handling `multipart/form-data`.

Repository:	https://github.com/expressjs/multer
Homepage:	https://github.com/expressjs/multer#readme
Latest Release:	`2.0.1` about 1 year ago
Dependent Repos:	323,227
Dependent Packages:	4,202
Downloads:	29,118,183
Ranking:	Top 0.0655% by dependent repos Top 0.0665% by downloads Top 0.0226% by dependent pkgs

PR Status

Open 3,574 (50.8%)

Merged 1,304 (18.5%)

Closed 1,657 (23.6%)

PR Types

Major 4,522 (64.3%)

Minor 459 (6.5%)

Patch 1,414 (20.1%)

Removal 8 (0.1%)

multer

Security Advisories

Multer vulnerable to Denial of Service via unhandled exception

Multer vulnerable to Denial of Service via resource exhaustion

Multer vulnerable to Denial of Service via incomplete cleanup

Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads

Multer vulnerable to Denial of Service via deeply nested field names

Recent PRs

Package Details

Security Advisories

9

Package Information

PR Status

PR Types

`multer`