graphql-upload-minimal, a Node.js package for handling GraphQL file uploads, carries one CVE in this period’s cluster. File upload handling components are a common attack surface for server-side request forgery, path traversal, and malicious file processing. Organizations using this package should apply patches and review file upload validation controls in dependent applications.