CVE Daily
← All tags

Tag: AdonisJS

All CVEs associated with "AdonisJS". Page 1/1 • 5 CVEs.

About “AdonisJS”

A curated feed of “AdonisJS”-related CVEs appears below. We currently track 5 CVEs for this tag (all time). In the last 365 days, 5 were published. Average CVSS is 7.6 (all time; 7.6 over 365d), and 80% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-601 - URL Redirection to Untrusted Site ('Open Redirect'), CWE-400 - Uncontrolled Resource Consumption, CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: adonisjs

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
77.3.3-
66.20.0-
55.9.0 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “AdonisJS”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-04-16
Medium

CVE-2026-40255

AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions pr…

CVSS: 6.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
2026-02-06
High

CVE-2026-25762

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser.…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2026-25754

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to ma…

CVSS: 7.2 CWE: CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') View on NVD
2026-01-13
High

CVE-2026-22814

@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who ca…

CVSS: 8.2 CWE: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes View on NVD
2026-01-02
Critical

CVE-2026-21440

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the ser…

CVSS: 9.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox