`qs`

Ecosystem:
npm

Package URL:
pkg:npm/qs

Total PRs:
21,824 Dependabot PRs

Latest PR:
about 4 hours ago

Unique Repositories:
18,588 repositories

Unique Repos (30 days):
672 repositories

Security Advisories

qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set

GHSA-q8mj-m7cp-5q26 CVE-2026-8723 MODERATE published 9 days ago • updated 8 days ago

### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` o...

Denial-of-Service Memory Exhaustion in qs

GHSA-jjv7-qpx3-h62q CVE-2014-7191 HIGH published over 8 years ago • updated 2 days ago

Versions prior to 1.0 of `qs` are affected by a denial of service condition. This condition is triggered by parsing a crafted string that deseriali...

View all 7 advisories

Recent PRs

RSS Feed

build(deps): bump qs from 6.15.1 to 6.15.2 in /kotlin-js-store

KotlinMania/two-face-kotlin #18

6.15.1 → 6.15.2 Patch PR

Closed about 4 hours ago 1 comment

chore(deps): bump the npm_and_yarn group across 1 directory with 9 updates

pathharper/organic-typing #84

6.14.0 → 6.15.2 Minor PR

Open about 4 hours ago 1 comment

chore(deps): bump the npm_and_yarn group across 1 directory with 17 updates

lhy8888/uptime #67

6.14.2 → 6.15.2 Minor PR

Closed about 12 hours ago 2 comments

chore(deps): bump the npm_and_yarn group across 13 directories with 12 updates

Dargon789/codesandbox-client #137

6.11.2 → 6.15.2 Minor PR

Open about 12 hours ago 2 comments

Bump the npm_and_yarn group across 4 directories with 17 updates

hashim2266/devhub #11

6.9.1 → 6.15.2 Minor PR

Open about 13 hours ago 2 comments

Bump qs and express

Automattic/simplenote-electron #3370

6.13.0 → 6.15.2 Minor PR

Closed about 14 hours ago 1 comment

build(deps): bump qs and @cypress/request

realstatesoft/frontend #202

6.14.2 → 6.15.2 Minor PR

Open about 14 hours ago 1 comment

Bump qs from 6.15.0 to 6.15.2

amirwebd3v/Flowcv-mcp #2

6.15.0 → 6.15.2 Patch PR

Closed about 14 hours ago 1 comment

chore(deps): bump qs from 6.15.0 to 6.15.2

brandonlacoste9-tech/ZyeuteV5 #165

6.15.0 → 6.15.2 Patch PR

Open about 15 hours ago 5 comments

Bump qs and jsdom

Automattic/customize-direct-manipulation #56

removed Removal PR

Closed about 17 hours ago 1 comment

Bump qs from 6.10.4 to 6.15.2

ivanELEC/colours-app #91

6.10.4 → 6.15.2 Minor PR

Open about 19 hours ago 1 comment

Bump the npm_and_yarn group across 1 directory with 3 updates

HarleyCoops/gemini-cursor #4

6.15.1 → 6.15.2 Patch PR

Open about 22 hours ago 1 comment

chore(deps): bump the npm_and_yarn group across 2 directories with 21 updates

EmilynnJ/GitNexus #1

6.14.1 → 6.15.2 Minor PR

Open 1 day ago 4 comments

chore(deps): bump the npm_and_yarn group across 2 directories with 19 updates

EmilynnJ/twilio-video.js #1

6.13.0 → 6.15.2 Minor PR

Open 1 day ago 4 comments

chore(deps): bump qs from 6.14.2 to 6.15.2 in the npm_and_yarn group across 1 directory

Heretek-AI/heretek-openclaw-dashboard #1

6.14.2 → 6.15.2 Minor PR

Open 1 day ago 1 comment

build(deps): bump the npm_and_yarn group across 3 directories with 11 updates

sentry-demos/empower #1500

6.14.2 → 6.15.2 Minor PR

Open 1 day ago 1 comment

Chore(deps): bump the npm_and_yarn group across 41 directories with 5 updates

Kaairofelipe/extensions #30

6.15.0 → 6.15.2 Patch PR

Closed 1 day ago 1 comment

chore(deps): bump the npm_and_yarn group across 1 directory with 13 updates

cwallenfang/plentyshop-pwa #26

6.14.2 → 6.15.2 Minor PR

Open 1 day ago 1 comment

Bump the npm_and_yarn group across 1 directory with 19 updates

NYPL/nypl-library-card-app #745

6.10.4 → 6.15.2 Minor PR

Open 1 day ago 1 comment

Bump qs and @cypress/request in /packages/e2e

tektoncd/dashboard #5010

6.14.2 → 6.15.2 Minor PR

Open 1 day ago 1 comment

Bump the npm_and_yarn group across 11 directories with 10 updates

loveyou001/firebase-framework-tools #80

6.14.2 → 6.15.2 Minor PR

Open 1 day ago 2 comments

chore(deps): bump the npm_and_yarn group across 15 directories with 10 updates

loveyou001/genkit #71

6.14.2 → 6.15.2 Minor PR

Open 1 day ago 1 comment

chore(deps): bump the npm_and_yarn group across 16 directories with 10 updates

nssuwan186-dev/bun #47

6.11.2 → 6.15.2 Minor PR

Closed 1 day ago 1 comment

Bump the npm_and_yarn group across 15 directories with 12 updates

XavierMP14/RUN #63

6.11.2 → 6.15.2 Minor PR

Closed 1 day ago 1 comment

chore(deps): bump the npm_and_yarn group across 9 directories with 17 updates

4xiaxia/markup #5

6.15.0 → 6.15.2 Patch PR

Closed 1 day ago 1 comment

chore(deps): bump qs and @cypress/request in /examples/music-library

QualityMinds/openapi-generator-typescript-cypress #107

6.14.2 → 6.15.2 Minor PR

Closed 2 days ago 1 comment

Bump the npm_and_yarn group across 14 directories with 11 updates

FlyingGorillaz/helicone #44

6.11.2 → removed

Closed 2 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 3 directories with 3 updates

markusknudtsen-droid/firecrawl #9

6.15.0 → 6.15.2 Patch PR

Open 2 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 16 directories with 11 updates

bluluvinn/genkit #50

6.13.0 → 6.15.2 Minor PR

Closed 2 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 5 directories with 8 updates

Sherlock999xxx/firecrawl #39

6.15.0 → 6.15.2 Patch PR

Open 3 days ago 3 comments

chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates

sonicverse-eu/website #48

6.15.1 → 6.15.2 Patch PR

Open 3 days ago 3 comments

build(deps): bump qs from 6.14.1 to 6.15.2 in /external-crates/move/tooling/prettier-extension

Dustin4444/sui #149

6.14.1 → 6.15.2 Minor PR

Open 3 days ago 5 comments

Bump the npm_and_yarn group across 10 directories with 3 updates

danielbodnar/web-ai-demos #19

6.14.1 → 6.15.2 Minor PR

Open 3 days ago 2 comments

build(deps): Bump the npm_and_yarn group across 1 directory with 5 updates

bbbbbbbbbc/Snajperrr #25

6.14.2 → 6.15.2 Minor PR

Closed 3 days ago 3 comments

Bump the npm_and_yarn group across 1 directory with 15 updates

diazMelgarejo/AlphaClaw #1

6.14.2 → 6.15.2 Minor PR

Closed 3 days ago 2 comments

Bump the npm_and_yarn group across 6 directories with 9 updates

pdragy/trillium #129

6.11.2 → 6.13.0 Minor PR

Closed 3 days ago 1 comment

Bump the npm_and_yarn group across 1 directory with 18 updates

gagneet/firefly-iii #11

6.14.0 → 6.15.2 Minor PR

Closed 3 days ago 1 comment

Bump the npm_and_yarn group across 11 directories with 9 updates

randybloxham5-arch/apphosting-adapters #24

6.13.0 → 6.15.2 Minor PR

Closed 3 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 3 directories with 6 updates

samhiotisiddn-jpg/hermes-agent #1

6.14.2 → 6.15.2 Minor PR

Open 3 days ago 2 comments

build(deps): bump the npm_and_yarn group across 7 directories with 11 updates

Dargon789/interface #142

6.14.2 → 6.15.2 Minor PR

Open 3 days ago 3 comments

chore(deps): bump the npm_and_yarn group across 13 directories with 8 updates

kafaat/sahool-unified-v15-idp #1833

6.14.2 → 6.15.2 Minor PR

Open 3 days ago 2 comments

chore(deps): bump qs from 6.15.1 to 6.15.2

kodustech/kodus-ai #1195

6.15.1 → 6.15.2 Patch PR

Open 4 days ago 2 comments

chore(deps): bump qs from 6.15.1 to 6.15.2 in /apps/worker

yourhq/yourhq #70

6.15.1 → 6.15.2 Patch PR

Open 4 days ago 1 comment

build(deps): bump the npm_and_yarn group across 1 directory with 4 updates

PhoenixWild29/functional-medicine-infrastructure #61

6.15.0 → 6.15.2 Patch PR

Closed 4 days ago 3 comments

Bump the npm_and_yarn group across 39 directories with 4 updates

XScornGames/azuredatastudio #47

6.5.3 → 6.5.5 Patch PR

Closed 4 days ago 1 comment

chore(deps): bump qs and express

shazzar00ni/paperlyte-v2 #1022

6.14.2 → 6.15.2 Minor PR

Closed 4 days ago 6 comments

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates

xiaojiou176-open/OpenUIStudio #58

6.15.0 → 6.15.2 Patch PR

Open 4 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 15 directories with 13 updates

loveyou001/genkit #69

6.14.2 → 6.15.2 Minor PR

Open 4 days ago 1 comment

build(deps): bump the npm_and_yarn group across 12 directories with 7 updates

QueenFi703/microsoft-365-agents-toolkit #27

6.11.0 → 6.15.2 Minor PR

Closed 4 days ago 1 comment

build(deps): bump the npm_and_yarn group across 17 directories with 17 updates

eagle19900203-boop/railpack #20

6.13.0 → 6.15.2 Minor PR

Closed 4 days ago 1 comment

Package Details

Name:	`qs`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/qs`
JSON API:	View JSON

Security Advisories

7

Active advisories

HIGH 4

MODERATE 2

LOW 1

View All npm Advisories

Package Information

Description:

A querystring parser that supports nesting and arrays, with a depth limit

Repository:	https://github.com/ljharb/qs
Homepage:	https://github.com/ljharb/qs
Latest Release:	`6.14.0` over 1 year ago
Dependent Repos:	2,110,964
Dependent Packages:	15,944
Downloads:	399,573,108
Ranking:	Top 0.0137% by dependent repos Top 0.0019% by downloads Top 0.0064% by dependent pkgs

PR Status

Open 6,352 (29.1%)

Merged 322 (1.5%)

Closed 14,865 (68.1%)

PR Types

Major 52 (0.2%)

Minor 13,316 (61.0%)

Patch 8,060 (36.9%)

Removal 75 (0.3%)

qs

Security Advisories

Denial-of-Service Extended Event Loop Blocking in qs

qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion

qs's arrayLimit bypass in comma parsing allows denial of service

qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set

Denial-of-Service Memory Exhaustion in qs

Recent PRs

Package Details

Security Advisories

7

Package Information

PR Status

PR Types

`qs`