A library to create readable "multipart/form-data" streams. Can be used to submit forms and file uploads to other web applications.
92%
Total Score
100
86
89
100
0
| Title | Versions | Severity |
|---|---|---|
CVE-2026-12143 form-data is vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection') in versions 0.0.0 - 2.5.6, 3.0.0 - 3.0.5 and 4.0.0 - 4.0.6. | 0.0.0 - 2.5.63.0.0 - 3.0.54.0.0 - 4.0.6 | High |
CVE-2025-7783 form-data is vulnerable to Use of Insufficiently Random Values in versions 0.0.0 - 2.5.4, 3.0.0 - 3.0.4 and 4.0.0 - 4.0.4. | 0.0.0 - 2.5.43.0.0 - 3.0.44.0.0 - 4.0.4 | Critical |
| Dependency | Last Release | Score |
|---|---|---|
hasown Version ^2.0.4 | — | — |
asynckit Version ^0.4.0 | — | — |
mime-types Version ^2.1.35 | — | — |
combined-stream Version ^1.0.8 | — | — |
es-set-tostringtag Version ^2.1.0 | — | — |
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant