nodejs
219 tracked vulnerabilities.
CVE-2024-21891
HIGH
Node.js 20.0.0-20.11.1 - Path Traversal via Permission Model Bypass
Feb 20, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-21890
MEDIUM
Node.js 20.0.0-20.11.0 - Permission Model Bypass via Wildcard Path Misinterpretation
Feb 20, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-24758
LOW
Undici < 5.28.3 - Exposure of Sensitive Information via Proxy-Authentication Header
Feb 16, 2024
CVSS 3.9
EPSS 0.00
CVE-2024-24750
MEDIUM
Undici 6.0.0-6.6.0 - Use-After-Free via Unconsumed Fetch Body
Feb 16, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-46809
HIGH
Node.js < 18.19.1, 20.11.1, 21.6.2 - Covert Timing Channel via RSA Decryption with PKCS #1 v1.5 Padding
Sep 07, 2024
CVSS 7.4
EPSS 0.01
CVE-2023-39333
MEDIUM
Node.js < 18.18.2, 20.x < 20.8.1 - JavaScript Code Injection via WebAssembly Export Names
Sep 07, 2024
CVSS 5.3
EPSS 0.00
CVE-2023-30587
HIGH
Node.js < 20.3.1 - Permission Model Bypass via Inspector Worker Manipulation
Sep 07, 2024
CVSS 7.5
EPSS 0.00
CVE-2023-30584
HIGH
Node.js < 20.3.1 - Path Traversal Bypass in Experimental Permission Model
Sep 07, 2024
CVSS 7.7
EPSS 0.00
CVE-2023-30583
HIGH
Node.js < 20.3.1 - Permission Model Bypass via fs.openAsBlob()
Sep 07, 2024
CVSS 7.5
EPSS 0.00
CVE-2023-30582
MEDIUM
Node.js 20 < 20.3.1 - Unauthorized File Monitoring via fs.watchFile API
Sep 07, 2024
CVSS 5.3
EPSS 0.00
CVE-2023-30590
HIGH
Node.js 16.0.0-16.20.1 - Incomplete Diffie-Hellman Key Generation in crypto.createDiffieHellman()
Nov 28, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-30588
MEDIUM
Node.js 16.0.0-16.20.1 - Denial of Service via Invalid Public Key in crypto.X509Certificate()
Nov 28, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-30585
HIGH
Node.js 16.0.0-16.20.1 - Arbitrary Folder Creation via .msi Installer Repair Operation
Nov 28, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-30581
HIGH
Node.js 16.0.0-16.20.1 - Authorization Bypass via __proto__ in process.mainModule
Nov 23, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-39332
CRITICAL
Node.js 20.0.0-20.7.9 - Path Traversal via Uint8Array Path Handling
Oct 18, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-39331
HIGH
Node.js 20.0.0-20.8.1 - Path Traversal via Experimental Permission Model
Oct 18, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-38552
HIGH
Node.js 18.0.0-18.18.0 and 20.x - Policy Integrity Check Bypass via Forged Checksum
Oct 18, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-45143
LOW
Undici < 5.26.2 - Cookie Header Leakage on Cross-Origin Redirects
Oct 12, 2023
CVSS 3.9
EPSS 0.00
CVE-2023-44487
HIGH
KEV
HTTP/2 - Denial of Service via Rapid Stream Reset
Oct 10, 2023
CVSS 7.5
EPSS 0.94
CVE-2023-32558
HIGH
Node.js 20.0.0-20.5.1 - Permission Model Bypass via process.binding() Path Traversal
Sep 12, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-32005
MEDIUM
Node.js 20.0.0-20.5.0 - Unauthorized File Stats Access via fs.statfs API
Sep 12, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-32559
HIGH
Node.js 16.x-20.x - Privilege Escalation via Policy Mechanism Bypass
Aug 24, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-32002
CRITICAL
Node.js 16.0.0-16.20.1 - Policy Mechanism Bypass via Module._load()
Aug 21, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-32006
HIGH
Node.js 16.x-20.x - Policy Mechanism Bypass via module.constructor.createRequire()
Aug 15, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-32004
HIGH
Node.js 20.0.0-20.4.9 - Path Traversal in Experimental Permission Model
Aug 15, 2023
CVSS 8.8
EPSS 0.00