nodejs
239 tracked vulnerabilities.
CVE-2026-48936
LOW
Node - Improper Access Control
Jun 26, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-48935
LOW
Node - Incorrect Default Permissions
Jun 26, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-48934
MEDIUM
Node.js 22.x < 22.22.3, 24.x < 24.16.0, 26.x < 26.3.0 - TLS Certificate Validation Bypass
Jun 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-48933
HIGH
Node - Integer Overflow or Wraparound
Jun 26, 2026
CVSS 7.5
EPSS 0.03
CVE-2026-48930
CRITICAL
Node - Improper Access Control
Jun 26, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-48928
MEDIUM
Node - Improper Access Control
Jun 26, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-48619
HIGH
Node - Uncontrolled Resource Consumption
Jun 26, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-48618
MEDIUM
Node - Improper Handling of Unicode Encoding
Jun 26, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-48615
HIGH
Node - Exposure of Private Personal Information to an Unauthorized Actor
Jun 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48931
LOW
Node - Time-of-check Time-of-use (TOCTOU) Race Condition
Jun 22, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-48937
MEDIUM
Node - Uncontrolled Resource Consumption
Jun 18, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-48617
LOW
Node - Improper Access Control
Jun 18, 2026
CVSS 1.8
EPSS 0.00
CVE-2026-9697
HIGH
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
Jun 17, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-9679
MEDIUM
undici vulnerable to HTTP header injection via Set-Cookie percent-decoding
Jun 17, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-9678
MEDIUM
undici vulnerable to cross-user information disclosure via shared cache whitespace bypass
Jun 17, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-6734
HIGH
undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
Jun 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-6733
LOW
undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse
Jun 17, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-11525
LOW
undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching
Jun 17, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-9675
HIGH
undici WebSocket client vulnerable to denial of service via cumulative fragment bypass
Jun 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-12151
HIGH
undici WebSocket client vulnerable to denial of service via fragment count bypass
Jun 17, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-21717
MEDIUM
Node.js 20.x 22.x 24.x 25.x - Denial of Service via V8 String Hash Collision
Mar 30, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-21716
LOW
Node.js 20.20.1 22.22.1 24.14.0 25.8.1 - Missing Authorization in FileHandle Promise API
Mar 30, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-21715
LOW
Node.js 20.x-25.x - Privilege Escalation
Mar 30, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-21714
MEDIUM
Node.js 20.20.1 22.22.1 24.14.0 25.8.1 - Memory Leak via HTTP/2 WINDOW_UPDATE Frames
Mar 30, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21713
MEDIUM
Node.js 20.x-20.20.1 22.x-22.22.1 24.x-24.14.0 25.x-25.8.1 - Observable Timing Discrepancy in HMAC Verification
Mar 30, 2026
CVSS 5.9
EPSS 0.00
Products
Quick Filters