nodejs

219 tracked vulnerabilities.

CVE-2022-21824 HIGH
Node.js 12.0.0-12.22.8 and 17.0.0-17.3.0 - Prototype Pollution via console.table() Properties Parameter
Feb 24, 2022
CVSS 8.2
EPSS 0.00
CVE-2021-44533 MEDIUM
Node.js Certificate Validation Flaw via Multi-Value RDN
Feb 24, 2022
CVSS 5.3
EPSS 0.00
CVE-2021-44532 MEDIUM
Node.js < 12.22.9, < 14.18.3, < 16.13.2, < 17.3.1 - Code Injection
Feb 24, 2022
CVSS 5.3
EPSS 0.00
CVE-2021-44531 HIGH
Node.js < 12.22.9, < 14.18.3, < 16.13.2, < 17.3.1 - Improper Certificate Validation via URI SAN Type
Feb 24, 2022
CVSS 7.4
EPSS 0.00
CVE-2021-4044 HIGH
OpenSSL 3.0.0 - Infinite Loop via Certificate Verification Error Handling
Dec 14, 2021
CVSS 7.5
EPSS 0.33
CVE-2021-3672 MEDIUM
c-ares 1.0.0-1.17.1 - Domain Hijacking via DNS Hostname Validation Bypass
Nov 23, 2021
CVSS 5.6
EPSS 0.00
CVE-2021-22930 CRITICAL
Node.js <16.6.0, 14.17.4, 12.22.4 - Use After Free
Oct 07, 2021
CVSS 9.8
EPSS 0.00
CVE-2021-22940 HIGH
Node.js <16.6.1, 14.17.5, 12.22.5 - Use After Free
Aug 16, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-22939 MEDIUM
Node.js 12.0.0-12.22.4 and 16.0.0-16.6.1 - Improper Certificate Validation
Aug 16, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-22931 CRITICAL
Node.js <16.6.0, 14.17.4, 12.22.4 - RCE
Aug 16, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-22921 HIGH
Node.js <16.4.1,14.17.2,12.22.2 - Privilege Escalation
Jul 12, 2021
CVSS 7.8
EPSS 0.01
CVE-2021-22918 MEDIUM
Node.js <16.4.1,14.17.2,12.22.2 - Info Disclosure
Jul 12, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-3450 HIGH
OpenSSL 1.1.1h-1.1.1j - Certificate Chain Validation Bypass via X509_V_FLAG_X509_STRICT
Mar 25, 2021
CVSS 7.4
EPSS 0.01
CVE-2021-3449 MEDIUM
Openssl < 1.1.1k - NULL Pointer Dereference
Mar 25, 2021
CVSS 5.9
EPSS 0.10
CVE-2021-22884 HIGH
Node.js <10.24.0, 12.21.0, 14.16.0, 15.10.0 - Info Disclosure
Mar 03, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-22883 HIGH
Node.js <10.24.0,12.21.0,14.16.0,15.10.0 - DoS
Mar 03, 2021
CVSS 7.5
EPSS 0.89
CVE-2021-23840 HIGH
OpenSSL 1.0.2-1.0.2x and 1.1.1-1.1.1i - Integer Overflow in EVP_CipherUpdate
Feb 16, 2021
CVSS 7.5
EPSS 0.01
CVE-2020-8287 MEDIUM
Node.js <10.23.1, 12.20.1, 14.15.4, 15.5.1 - SSRF
Jan 06, 2021
CVSS 6.5
EPSS 0.12
CVE-2020-8265 HIGH
Node.js <10.23.1, 12.20.1, 14.15.4, 15.5.1 - Use After Free
Jan 06, 2021
CVSS 8.1
EPSS 0.01
CVE-2020-1971 MEDIUM
OpenSSL 1.0.2-1.0.2w and 1.1.1-1.1.1h - Denial of Service via EDIPARTYNAME NULL Pointer Dereference
Dec 08, 2020
CVSS 5.9
EPSS 0.00
CVE-2020-8277 HIGH
Node.js <15.2.1, <14.15.1, <12.19.1 - DoS
Nov 19, 2020
CVSS 7.5
EPSS 0.59
CVE-2020-8252 HIGH
libuv <10.22.1-14.9.0 - Buffer Overflow
Sep 18, 2020
CVSS 7.8
EPSS 0.00
CVE-2020-8251 HIGH
Node.js < 14.11.0 - Denial of Service via Delayed HTTP Request Submission
Sep 18, 2020
CVSS 7.5
EPSS 0.05
CVE-2020-8201 HIGH
Node.js < 12.18.4-14.11 - Open Redirect
Sep 18, 2020
CVSS 7.4
EPSS 0.01
CVE-2020-8174 HIGH
node <10.21.0, 12.18.0, 14.4.0 - Memory Corruption
Jul 24, 2020
CVSS 8.1
EPSS 0.01
Products
node.js 163 undici 22 Node 18 node 14 nodejs 4
Quick Filters
Critical CVEs With Exploits In CISA KEV