Vulnerabilities > QS Project > QS > 0.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-26 | CVE-2022-24999 | qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. | 7.5 |
| 2018-05-31 | CVE-2014-10064 | Resource Management Errors vulnerability in QS Project QS The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. | 5.0 |