Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / nodejs

nodejs

219 tracked vulnerabilities.

CVE-2026-21717 MEDIUM

Node.js 20.x 22.x 24.x 25.x - Denial of Service via V8 String Hash Collision

CVE-2026-21716 LOW

Node.js 20.20.1 22.22.1 24.14.0 25.8.1 - Missing Authorization in FileHandle Promise API

CVE-2026-21715 LOW

Node.js 20.x-25.x - Privilege Escalation

CVE-2026-21714 MEDIUM

Node.js 20.20.1 22.22.1 24.14.0 25.8.1 - Memory Leak via HTTP/2 WINDOW_UPDATE Frames

CVE-2026-21713 MEDIUM

Node.js 20.x-20.20.1 22.x-22.22.1 24.x-24.14.0 25.x-25.8.1 - Observable Timing Discrepancy in HMAC Verification

CVE-2026-21711 MEDIUM

Node.js 25.x - Privilege Escalation

CVE-2026-21710 HIGH

Node.js 20.x 22.x 24.x 25.x - Denial of Service via __proto__ Header Handling

CVE-2026-21712 MEDIUM

Node.js 24.14.0 and 25.8.1 - Denial of Service via Malformed IDN in url.format()

CVE-2026-2581 MEDIUM

Undici 6.24.0-7.23.9 - Denial of Service via Deduplication Interceptor Memory Accumulation

CVE-2026-2229 HIGH

undici < 6.24.0 and 7.0.0-7.24.0 - Denial of Service via Invalid server_max_window_bits Parameter

CVE-2026-1528 HIGH

undici 6.0.0-6.23.9 7.0.0-7.23.9 - Denial of Service via WebSocket Frame Length Overflow

CVE-2026-1527 MEDIUM

undici < 6.24.0 and 7.0.0-7.23.9 - HTTP Request Smuggling via CRLF Injection in Upgrade Header

CVE-2026-1526 HIGH

undici < 6.24.0 and 7.0.0-7.24.0 - Denial of Service via PerMessageDeflate Decompression Bomb

CVE-2026-1525 MEDIUM

Undici < 6.24.0 - HTTP Request Smuggling via Duplicate Content-Length Headers

CVE-2026-21637 HIGH

Node.js 4.0.0-19.9.0 - Denial of Service via TLS PSK/ALPN Callback Exception Bypass

CVE-2026-21636 CRITICAL

Node.js 25.0.0-25.2.9 - Improper Access Control via Unix Domain Socket Connection Bypass

CVE-2026-22036 MEDIUM

Undici < 6.23.0 and 7.0.0-7.17.2 - Denial of Service via Decompression Chain Exhaustion

CVE-2025-59466 HIGH

Node.js 20.0.0-20.19.1 - Denial of Service via Uncatchable Stack Overflow in async_hooks

CVE-2025-59465 HIGH

Node.js 20.0.0-20.19.1 - Denial of Service via Malformed HTTP/2 HEADERS Frame

CVE-2025-59464 HIGH

Node.js 24.0.0-24.11.9 - Denial of Service via TLS Certificate Field Memory Leak

CVE-2025-55132 MEDIUM

Node.js 20.0.0-20.19.1 - Incorrect Default Permissions via futimes()

CVE-2025-55131 HIGH

Node.js 4.0-25.2.0 - Uninitialized Memory Exposure via Buffer Allocation Interruption

CVE-2025-55130 CRITICAL

Node.js 20.0.0-20.19.1 - Authentication Bypass via Symlink Path Traversal

CVE-2025-27210 HIGH

Node.js 20.0.0-20.19.3, 22.0.0-22.17.0, 24.0.0-24.4.0 - Path Traversal via Windows Device Names in path.join

CVE-2025-27209 HIGH

Node.js 24.0.0-24.4.0 - Denial of Service via Hash Collision in String Hashing

Page 1 of 9 Next

Products

node.js 163 undici 22 Node 18 node 14 nodejs 4

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy