nodejs
239 tracked vulnerabilities.
CVE-2023-39333
MEDIUM
Node.js < 18.18.2, 20.x < 20.8.1 - JavaScript Code Injection via WebAssembly Export Names
Sep 07, 2024
CVSS 5.3
EPSS 0.01
CVE-2023-30587
HIGH
Node.js < 20.3.1 - Permission Model Bypass via Inspector Worker Manipulation
Sep 07, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-30584
HIGH
Node.js < 20.3.1 - Path Traversal Bypass in Experimental Permission Model
Sep 07, 2024
CVSS 7.7
EPSS 0.00
CVE-2023-30583
HIGH
Node.js < 20.3.1 - Permission Model Bypass via fs.openAsBlob()
Sep 07, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-30582
MEDIUM
Node.js 20 < 20.3.1 - Unauthorized File Monitoring via fs.watchFile API
Sep 07, 2024
CVSS 5.3
EPSS 0.01
CVE-2023-30590
HIGH
Node.js 16.0.0-16.20.1 - Incomplete Diffie-Hellman Key Generation in crypto.createDiffieHellman()
Nov 28, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-30588
MEDIUM
Node.js 16.0.0-16.20.1 - Denial of Service via Invalid Public Key in crypto.X509Certificate()
Nov 28, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-30585
HIGH
Node.js 16.0.0-16.20.1 - Arbitrary Folder Creation via .msi Installer Repair Operation
Nov 28, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-30581
HIGH
Node.js 16.0.0-16.20.1 - Authorization Bypass via __proto__ in process.mainModule
Nov 23, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-39332
CRITICAL
Node.js 20.0.0-20.7.9 - Path Traversal via Uint8Array Path Handling
Oct 18, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-39331
HIGH
Node.js 20.0.0-20.8.1 - Path Traversal via Experimental Permission Model
Oct 18, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-38552
HIGH
Node.js 18.0.0-18.18.0 and 20.x - Policy Integrity Check Bypass via Forged Checksum
Oct 18, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-45143
LOW
Undici < 5.26.2 - Cookie Header Leakage on Cross-Origin Redirects
Oct 12, 2023
CVSS 3.9
EPSS 0.01
CVE-2023-44487
HIGH
KEV
HTTP/2 - Denial of Service via Rapid Stream Reset
Oct 10, 2023
CVSS 7.5
EPSS 1.00
CVE-2023-32558
HIGH
Node.js 20.0.0-20.5.1 - Permission Model Bypass via process.binding() Path Traversal
Sep 12, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-32005
MEDIUM
Node.js 20.0.0-20.5.0 - Unauthorized File Stats Access via fs.statfs API
Sep 12, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-32559
HIGH
Node.js 16.x-20.x - Privilege Escalation via Policy Mechanism Bypass
Aug 24, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-32002
CRITICAL
Node.js 16.0.0-16.20.1 - Policy Mechanism Bypass via Module._load()
Aug 21, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-32006
HIGH
Node.js 16.x-20.x - Policy Mechanism Bypass via module.constructor.createRequire()
Aug 15, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-32004
HIGH
Node.js 20.0.0-20.4.9 - Path Traversal in Experimental Permission Model
Aug 15, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-32003
MEDIUM
Node.js 20.0.0-20.4.9 - Path Traversal via fs.mkdtemp()
Aug 15, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-30589
HIGH
Node.js 16.0.0-16.20.1 - HTTP Request Smuggling via CR Delimiter in llhttp Parser
Jul 01, 2023
CVSS 7.5
EPSS 0.04
CVE-2023-30586
HIGH
Node.js 20.0.0-20.3.0 - Privilege Escalation via OpenSSL Engine Loading
Jul 01, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-23920
MEDIUM
Node.js <19.6.1-<14.21.3 - Privilege Escalation
Feb 23, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-23919
HIGH
Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 - DoS
Feb 23, 2023
CVSS 7.5
EPSS 0.02
Products
Quick Filters