Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

qs

Ecosystem:
npm
Package URL:
pkg:npm/qs
Total PRs:
21,844 Dependabot PRs
Latest PR:
about 3 hours ago
Unique Repositories:
18,604 repositories
Unique Repos (30 days):
672 repositories
Security Advisories
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion
GHSA-6rw7-vpxm-498p CVE-2025-15284 MODERATE published 5 months ago • updated about 21 hours ago
### Summary The `arrayLimit` option in qs did not enforce limits for bracket notation (`a[]=1&a[]=2`), only for indexed notation (`a[0]=1`). This ...
qs's arrayLimit bypass in comma parsing allows denial of service
GHSA-w7fw-mjwx-w883 CVE-2026-2391 LOW published 4 months ago • updated 13 days ago
### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to c...
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set
GHSA-q8mj-m7cp-5q26 CVE-2026-8723 MODERATE published 10 days ago • updated 10 days ago
### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` o...
Denial-of-Service Memory Exhaustion in qs
GHSA-jjv7-qpx3-h62q CVE-2014-7191 HIGH published over 8 years ago • updated about 2 hours ago
Versions prior to 1.0 of `qs` are affected by a denial of service condition. This condition is triggered by parsing a crafted string that deseriali...
Denial-of-Service Extended Event Loop Blocking in qs
GHSA-f9cm-p3w6-xvr3 CVE-2014-10064 HIGH published over 7 years ago • updated about 2 hours ago
Versions prior to 1.0.0 of `qs` are affected by a denial of service vulnerability that results from excessive recursion in parsing a deeply nested ...
View all 7 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
Bump the npm_and_yarn group across 5 directories with 12 updates

GlacierEQ/langchainjs #7

6.14.1 → 6.14.2 Patch PR
Open about 6 hours ago 1 comment
GlacierEQ
build(deps): bump the npm_and_yarn group across 1 directory with 11 updates

steffenkoenig/sketchgit #189

6.15.0 → 6.15.2 Patch PR
Closed about 7 hours ago 2 comments
steffenkoenig
build(deps): bump the non-breaking-changes group across 1 directory with 58 updates

tianxin8848/tianxin-introduction-admin #46

6.15.0 → 6.15.2 Patch PR
Open about 18 hours ago 1 comment
tianxin8848
build(deps): bump the npm_and_yarn group across 1 directory with 3 updates

bit-and-byte-ideas/larios-income-tax-website #65

6.15.0 → 6.15.2 Patch PR
Closed about 22 hours ago 2 comments
bit-and-byte-ideas
chore(deps-dev): bump qs from 6.15.0 to 6.15.2

andrerfneves/lightning-decoder #109

6.15.0 → 6.15.2 Patch PR
Open 1 day ago 1 comment
andrerfneves
chore(deps-dev): bump the minor-and-patch group across 1 directory with 8 updates

owncloud/web-extensions #434

6.15.1 → 6.15.2 Patch PR
Open 1 day ago 1 comment
owncloud
Bump the npm_and_yarn group across 6 directories with 13 updates

Hawthorne001/azure-sdk-for-net #863

6.15.1 → 6.15.2 Patch PR
Open 1 day ago 1 comment
Hawthorne001
Bump qs from 6.15.1 to 6.15.2

arsantoid/BOT_SUHU #1

6.15.1 → 6.15.2 Patch PR
Closed 1 day ago 2 comments
arsantoid
build(deps): bump qs from 6.15.1 to 6.15.2 in /kotlin-js-store

KotlinMania/two-face-kotlin #18

6.15.1 → 6.15.2 Patch PR
Closed 1 day ago 1 comment
KotlinMania
Bump the security-patches group across 1 directory with 3 updates

baghb004-cpu/Lusik-and-sons- #166

6.15.1 → 6.15.2 Patch PR
Closed 2 days ago 2 comments
baghb004-cpu
Bump qs from 6.15.0 to 6.15.2

amirwebd3v/Flowcv-mcp #2

6.15.0 → 6.15.2 Patch PR
Closed 2 days ago 1 comment
amirwebd3v
chore(deps): bump qs from 6.15.0 to 6.15.2

brandonlacoste9-tech/ZyeuteV5 #165

6.15.0 → 6.15.2 Patch PR
Open 2 days ago 5 comments
brandonlacoste9-tech
Bump the npm_and_yarn group across 1 directory with 3 updates

HarleyCoops/gemini-cursor #4

6.15.1 → 6.15.2 Patch PR
Open 2 days ago 1 comment
HarleyCoops
chore(deps): bump the npm_and_yarn group across 1 directory with 4 updates

Bygmedai/emilsalzer.dk #8

6.15.0 → 6.15.2 Patch PR
Closed 3 days ago 3 comments
Bygmedai
Chore(deps): bump the npm_and_yarn group across 41 directories with 5 updates

Kaairofelipe/extensions #30

6.15.0 → 6.15.2 Patch PR
Closed 3 days ago 1 comment
Kaairofelipe
chore(deps): bump the npm_and_yarn group across 9 directories with 17 updates

4xiaxia/markup #5

6.15.0 → 6.15.2 Patch PR
Closed 3 days ago 1 comment
4xiaxia
chore(deps): bump the npm_and_yarn group across 3 directories with 3 updates

markusknudtsen-droid/firecrawl #9

6.15.0 → 6.15.2 Patch PR
Open 4 days ago 2 comments
markusknudtsen-droid
chore(deps): bump the npm_and_yarn group across 5 directories with 8 updates

Sherlock999xxx/firecrawl #39

6.15.0 → 6.15.2 Patch PR
Open 4 days ago 3 comments
Sherlock999xxx
chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates

sonicverse-eu/website #48

6.15.1 → 6.15.2 Patch PR
Open 4 days ago 3 comments
sonicverse-eu
chore(deps): bump qs from 6.15.1 to 6.15.2

kodustech/kodus-ai #1195

6.15.1 → 6.15.2 Patch PR
Open 5 days ago 2 comments
kodustech
chore(deps): bump qs from 6.15.1 to 6.15.2 in /apps/worker

yourhq/yourhq #70

6.15.1 → 6.15.2 Patch PR
Open 5 days ago 1 comment
yourhq
build(deps): bump the npm_and_yarn group across 1 directory with 4 updates

PhoenixWild29/functional-medicine-infrastructure #61

6.15.0 → 6.15.2 Patch PR
Closed 6 days ago 3 comments
PhoenixWild29
Bump the npm_and_yarn group across 39 directories with 4 updates

XScornGames/azuredatastudio #47

6.5.3 → 6.5.5 Patch PR
Closed 6 days ago 1 comment
XScornGames
chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates

xiaojiou176-open/OpenUIStudio #58

6.15.0 → 6.15.2 Patch PR
Open 6 days ago 1 comment
xiaojiou176-open
build(deps): bump the non-breaking-changes group across 1 directory with 84 updates

diyanshan/monorepo #35

6.15.0 → 6.15.2 Patch PR
Closed 6 days ago 1 comment
diyanshan
chore(deps): bump qs and express

Obelyth/GoProQuikPlus #52

6.15.1 → 6.15.2 Patch PR
Open 6 days ago 4 comments
Obelyth
chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates

ptarmiganlabs/help-button.qs #147

6.15.0 → 6.15.2 Patch PR
Closed 6 days ago 1 comment
ptarmiganlabs
chore(deps): bump the non-breaking-changes group across 1 directory with 79 updates

39Nyx/pro-components #30

6.15.1 → 6.15.2 Patch PR
Closed 7 days ago 1 comment
39Nyx
Bump qs from 6.15.0 to 6.15.2 in /jacsnpm

HumanAssisted/JACS #105

6.15.0 → 6.15.2 Patch PR
Closed 7 days ago 2 comments
HumanAssisted
build(deps): bump qs from 6.15.1 to 6.15.2

Dustin4444/vscode #192

6.15.1 → 6.15.2 Patch PR
Open 7 days ago 7 comments
Dustin4444
Bump the dependencies group across 3 directories with 147 updates

maretol/maretol-base #1019

6.15.1 → 6.15.2 Patch PR
Closed 7 days ago 1 comment
maretol
build(deps): bump qs from 6.15.0 to 6.15.2 in /tools/ui

Sherlock999xxx/llama.cpp #12

6.15.0 → 6.15.2 Patch PR
Open 7 days ago 2 comments
Sherlock999xxx
chore(deps): bump qs from 6.15.1 to 6.15.2 in /packages/openclaw-memory-kernel in the npm_and_yarn group across 1 directory

mainion-ai/memory-kernel #52

6.15.1 → 6.15.2 Patch PR
Closed 7 days ago 3 comments
mainion-ai
chore(deps): bump the npm_and_yarn group across 5 directories with 17 updates

LoveDoLove-Forked-Projects/cline #35

6.15.0 → 6.15.2 Patch PR
Closed 7 days ago 1 comment
LoveDoLove-Forked-Projects
chore(deps): bump the npm_and_yarn group across 5 directories with 6 updates

pablogarrone/firecrawl #16

6.15.0 → 6.15.2 Patch PR
Closed 8 days ago 1 comment
pablogarrone
Bump qs from 6.15.1 to 6.15.2

defalque/better-drawer #1

6.15.1 → 6.15.2 Patch PR
Closed 8 days ago 4 comments
defalque
chore(deps): bump the non-breaking-changes group across 1 directory with 76 updates

cilangzzz/yudao-aisk-mes-ui-admin #35

6.15.0 → 6.15.2 Patch PR
Open 8 days ago 1 comment
cilangzzz
Bump the npm_and_yarn group across 1 directory with 3 updates

Brainicism/KMQ_Discord #2354

6.15.1 → 6.15.2 Patch PR
Closed 8 days ago 1 comment
Brainicism
chore(deps): bump the npm_and_yarn group across 3 directories with 2 updates

markusknudtsen-droid/firecrawl #8

6.15.0 → 6.15.2 Patch PR
Closed 8 days ago 1 comment
markusknudtsen-droid
chore(deps): bump the npm-deps group across 2 directories with 21 updates

hatchet-dev/hatchet #4001

6.15.1 → 6.15.2 Patch PR
Open 8 days ago 1 comment
hatchet-dev
chore(deps): bump the npm-sdk-deps group across 2 directories with 4 updates

hatchet-dev/hatchet #3997

6.15.1 → 6.15.2 Patch PR
Open 8 days ago 1 comment
hatchet-dev
chore(deps)(deps): bump the production-dependencies group across 1 directory with 93 updates

x907/website-badscandi #285

6.15.0 → 6.15.2 Patch PR
Closed 8 days ago 2 comments
x907
build(deps-dev): bump qs from 6.15.0 to 6.15.2

ant-design/ant-design-cli #120

6.15.0 → 6.15.2 Patch PR
Closed 8 days ago 3 comments
ant-design
chore(deps-dev): bump qs from 6.15.0 to 6.15.2 in the npm_and_yarn group across 1 directory

comnam90/vdc-vault-readiness #50

6.15.0 → 6.15.2 Patch PR
Open 8 days ago 1 comment
comnam90
chore(deps): bump the npm-version-updates group across 1 directory with 15 updates

zitadel/express-auth #8

6.15.1 → 6.15.2 Patch PR
Closed 8 days ago 1 comment
zitadel
Bump qs from 6.4.0 to 6.4.3 in /fixtures/art

1042422227/react #16

6.4.0 → 6.4.3 Patch PR
Closed 9 days ago 1 comment
1042422227
Bump qs from 6.15.1 to 6.15.2 in /server in the npm_and_yarn group across 1 directory

Ahmethan-5032/Now-Here #1

6.15.1 → 6.15.2 Patch PR
Open 9 days ago 2 comments
Ahmethan-5032
Bump qs from 6.15.1 to 6.15.2 in /backend in the npm_and_yarn group across 1 directory

hachtek98-stack/HomeCar #92

6.15.1 → 6.15.2 Patch PR
Closed 9 days ago 1 comment
hachtek98-stack
Bump qs from 6.15.1 to 6.15.2 in the npm_and_yarn group across 1 directory

aa7026331145-ops/Talian-li-anzimat-al-muhasaba- #8

6.15.1 → 6.15.2 Patch PR
Open 9 days ago 3 comments
aa7026331145-ops
Bump qs from 6.15.1 to 6.15.2 in the npm_and_yarn group across 1 directory

surendar630/job-faculty- #4

6.15.1 → 6.15.2 Patch PR
Open 9 days ago 1 comment
surendar630
Package Details
Name: qs
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/qs
JSON API: View JSON
Security Advisories

7

Active advisories
HIGH 4
MODERATE 2
LOW 1
View All npm Advisories
Package Information
Description:

A querystring parser that supports nesting and arrays, with a depth limit

Repository: https://github.com/ljharb/qs
Homepage: https://github.com/ljharb/qs
Latest Release: 6.14.0
over 1 year ago
Dependent Repos: 2,110,964
Dependent Packages: 15,944
Downloads: 399,573,108
Ranking: Top 0.0137% by dependent repos Top 0.0019% by downloads Top 0.0064% by dependent pkgs
PR Status
Open 6,358 (29.1%)
Merged 322 (1.5%)
Closed 14,877 (68.1%)
PR Types
Major 52 (0.2%)
Minor 13,320 (61.0%)
Patch 8,074 (37.0%)
Removal 75 (0.3%)