express
express has 2 known security vulnerabilities in npm (Node.js). Upgrade to version 5.0.0 or later to resolve all known issues. Data sourced from OSV, enriched with EPSS exploit probability and CISA KEV.
Recommended safe version: 5.0.0
Upgrading to 5.0.0 or later resolves all 2 known vulnerabilities in express. Run: npm install express@5.0.0
Is express in your project?
Check if you're affected and upgrade to 5.0.0 to stay secure.
Vulnerabilities
2 unique vulnerabilities — sorted by severity. Click a CVE/GHSA ID for full details.
| CVE / GHSA | Severity | Affected | Fixed In |
|---|---|---|---|
| GHSA-rv95-896h-c2vc Express.js Open Redirect in malformed URLs | MODERATE | All versions | 4.19.2, 5.0.0-beta.3 |
| GHSA-qw6h-vgh9-j6wx express vulnerable to XSS via response.redirect() | LOW | All versions | 4.20.0, 5.0.0 |
About This Data
Vulnerability data for express is sourced from the Open Source Vulnerability (OSV) database, aggregating reports from GitHub Advisory Database, NIST NVD, and ecosystem-specific sources.
CVSS (Common Vulnerability Scoring System) scores reflect exploitability and impact. EPSS (Exploit Prediction Scoring System) scores indicate the probability of exploitation within the next 30 days. Vulnerabilities marked with are listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Check Your Dependencies
Scan your project to check if you're using a vulnerable version of express.