Dependency vulnerabilities in v5.1.0 (form-data, multer)
Hi team,
An audit of the latest v5.1.0 release shows unpatched security vulnerabilities originating from the form-data and multer dependencies.
Here are the details and the required updates to resolve them:
Vulnerability Details
1. form-data
- CVE:
CVE-2026-12143
- Fix: Bump
form-data to version 2.5.6, 3.0.5, 4.0.6, or higher.
2. multer
- CVEs:
CVE-2026-3304, CVE-2026-2359, CVE-2026-3520, CVE-2025-48997, CVE-2025-7338, CVE-2025-47935, CVE-2025-47944, CVE-2026-5079
- Fix: Bump
multer to version 2.2.0, 3.0.0-alpha.2, or higher.
Suggested Action
Could you bump these dependencies in the package.json / package-lock.json for an upcoming patch release? Let me know if you would accept a PR for this.
Thanks.
Dependency vulnerabilities in v5.1.0 (
form-data,multer)Hi team,
An audit of the latest
v5.1.0release shows unpatched security vulnerabilities originating from theform-dataandmulterdependencies.Here are the details and the required updates to resolve them:
Vulnerability Details
1.
form-dataCVE-2026-12143form-datato version2.5.6,3.0.5,4.0.6, or higher.2.
multerCVE-2026-3304,CVE-2026-2359,CVE-2026-3520,CVE-2025-48997,CVE-2025-7338,CVE-2025-47935,CVE-2025-47944,CVE-2026-5079multerto version2.2.0,3.0.0-alpha.2, or higher.Suggested Action
Could you bump these dependencies in the
package.json/package-lock.jsonfor an upcoming patch release? Let me know if you would accept a PR for this.Thanks.