Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / nodejs

nodejs

219 tracked vulnerabilities.

CVE-2023-32003 MEDIUM

Node.js 20.0.0-20.4.9 - Path Traversal via fs.mkdtemp()

CVE-2023-30589 HIGH

Node.js 16.0.0-16.20.1 - HTTP Request Smuggling via CR Delimiter in llhttp Parser

CVE-2023-30586 HIGH

Node.js 20.0.0-20.3.0 - Privilege Escalation via OpenSSL Engine Loading

CVE-2023-23920 MEDIUM

Node.js <19.6.1-<14.21.3 - Privilege Escalation

CVE-2023-23919 HIGH

Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 - DoS

CVE-2023-23918 HIGH

Node.js <19.6.1, <18.14.1, <16.19.1, <14.21.3 - Privilege Escalation

CVE-2023-24807 HIGH

Undici < 5.19.1 - Regular Expression Denial of Service via Header Value Normalization

CVE-2023-23936 MEDIUM

Undici <5.19.1 - CRLF Injection

CVE-2022-43548 HIGH

Node.js <14.21.1, <16.18.1, <18.12.1, <19.0.1 - Command Injection

CVE-2022-35256 MEDIUM

Node.js 14.0.0-14.13.1, 14.15.0-14.20.0 and llhttp < 6.0.10 - HTTP Request Smuggling via Header Field Parsing

CVE-2022-35255 CRITICAL

Node.js 15.0.0-15.13.0 and 16.13.0-16.17.0 - Weak Cryptographic Key Generation via WebCrypto EntropySource

CVE-2022-3786 HIGH

OpenSSL 3.0.0-3.0.7 - Buffer Overflow in X.509 Certificate Name Constraint Checking

CVE-2022-3602 HIGH

OpenSSL 3.0.0-3.0.6 - Buffer Overflow in X.509 Certificate Name Constraint Checking

CVE-2022-35948 MEDIUM

undici < 5.8.1 - CRLF Injection via Content-Type Header

CVE-2022-35949 MEDIUM

undici <5.8.2 - Server-Side Request Forgery via pathname URL Confusion

CVE-2022-31151 LOW

undici < 5.7.1 - Cookie Header Leakage on Cross-Origin Redirect

CVE-2022-31150 MEDIUM

undici < 5.8.0 - CRLF Injection in HTTP Headers

CVE-2022-32223 HIGH

Node.js 14.0.0-14.13.1 and 14.14.0-14.19.3 - DLL Hijacking via OpenSSL Configuration Path

CVE-2022-32222 MEDIUM

Node.js 18.x < 18.40.0 - Cryptographic Configuration Path Vulnerability

CVE-2022-32215 MEDIUM

llhttp <14.20.1, <16.17.1, <18.9.1 - HTTP Request Smuggling via Multi-line Transfer-Encoding Header

CVE-2022-32214 MEDIUM

llhttp < 2.1.5 - HTTP Request Smuggling via CRLF Sequence Mismanagement

CVE-2022-32213 MEDIUM

llhttp < 2.1.5 - HTTP Request Smuggling via Transfer-Encoding Header

CVE-2022-32212 HIGH

Node.js <14.20.0, <16.20.0, <18.5.0 - OS Command Injection via IsAllowedHost Bypass

CVE-2022-32210 MEDIUM

Undici 4.8.2-5.5.0 - Improper Certificate Validation in ProxyAgent

CVE-2022-0778 HIGH

OpenSSL 1.0.2-1.0.2zc, 1.1.1-1.1.1m, 3.0.0-3.0.1 - Denial of Service via BN_mod_sqrt Infinite Loop

Previous Page 4 of 9 Next

Products

node.js 163 undici 22 Node 18 node 14 nodejs 4

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy