nodejs

239 tracked vulnerabilities.

CVE-2023-23918 HIGH
Node.js <19.6.1, <18.14.1, <16.19.1, <14.21.3 - Privilege Escalation
Feb 23, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-24807 HIGH
Undici < 5.19.1 - Regular Expression Denial of Service via Header Value Normalization
Feb 16, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-23936 MEDIUM
Undici <5.19.1 - CRLF Injection
Feb 16, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-43548 HIGH
Node.js <14.21.1, <16.18.1, <18.12.1, <19.0.1 - Command Injection
Dec 05, 2022
CVSS 8.1
EPSS 0.14
CVE-2022-35256 MEDIUM
Node.js 14.0.0-14.13.1, 14.15.0-14.20.0 and llhttp < 6.0.10 - HTTP Request Smuggling via Header Field Parsing
Dec 05, 2022
CVSS 6.5
EPSS 0.03
CVE-2022-35255 CRITICAL
Node.js 15.0.0-15.13.0 and 16.13.0-16.17.0 - Weak Cryptographic Key Generation via WebCrypto EntropySource
Dec 05, 2022
CVSS 9.1
EPSS 0.02
CVE-2022-3786 HIGH
OpenSSL 3.0.0-3.0.7 - Buffer Overflow in X.509 Certificate Name Constraint Checking
Nov 01, 2022
CVSS 7.5
EPSS 0.92
CVE-2022-3602 HIGH
OpenSSL 3.0.0-3.0.6 - Buffer Overflow in X.509 Certificate Name Constraint Checking
Nov 01, 2022
CVSS 7.5
EPSS 0.91
CVE-2022-35948 MEDIUM
undici < 5.8.1 - CRLF Injection via Content-Type Header
Aug 15, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-35949 MEDIUM
undici <5.8.2 - Server-Side Request Forgery via pathname URL Confusion
Aug 12, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-31151 LOW
undici < 5.7.1 - Cookie Header Leakage on Cross-Origin Redirect
Jul 21, 2022
CVSS 3.7
EPSS 0.01
CVE-2022-31150 MEDIUM
undici < 5.8.0 - CRLF Injection in HTTP Headers
Jul 19, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-32223 HIGH
Node.js 14.0.0-14.13.1 and 14.14.0-14.19.3 - DLL Hijacking via OpenSSL Configuration Path
Jul 14, 2022
CVSS 7.3
EPSS 0.02
CVE-2022-32222 MEDIUM
Node.js 18.x < 18.40.0 - Cryptographic Configuration Path Vulnerability
Jul 14, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-32215 MEDIUM
llhttp <14.20.1, <16.17.1, <18.9.1 - HTTP Request Smuggling via Multi-line Transfer-Encoding Header
Jul 14, 2022
CVSS 6.5
EPSS 0.69
CVE-2022-32214 MEDIUM
llhttp < 2.1.5 - HTTP Request Smuggling via CRLF Sequence Mismanagement
Jul 14, 2022
CVSS 6.5
EPSS 0.81
CVE-2022-32213 MEDIUM
llhttp < 2.1.5 - HTTP Request Smuggling via Transfer-Encoding Header
Jul 14, 2022
CVSS 6.5
EPSS 0.42
CVE-2022-32212 HIGH
Node.js <14.20.0, <16.20.0, <18.5.0 - OS Command Injection via IsAllowedHost Bypass
Jul 14, 2022
CVSS 8.1
EPSS 0.06
CVE-2022-32210 MEDIUM
Undici 4.8.2-5.5.0 - Improper Certificate Validation in ProxyAgent
Jul 14, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-0778 HIGH
OpenSSL 1.0.2-1.0.2zc, 1.1.1-1.1.1m, 3.0.0-3.0.1 - Denial of Service via BN_mod_sqrt Infinite Loop
Mar 15, 2022
CVSS 7.5
EPSS 0.71
CVE-2022-21824 HIGH
Node.js 12.0.0-12.22.8 and 17.0.0-17.3.0 - Prototype Pollution via console.table() Properties Parameter
Feb 24, 2022
CVSS 8.2
EPSS 0.22
CVE-2021-44533 MEDIUM
Node.js Certificate Validation Flaw via Multi-Value RDN
Feb 24, 2022
CVSS 5.3
EPSS 0.09
CVE-2021-44532 MEDIUM
Node.js < 12.22.9, < 14.18.3, < 16.13.2, < 17.3.1 - Code Injection
Feb 24, 2022
CVSS 5.3
EPSS 0.10
CVE-2021-44531 HIGH
Node.js < 12.22.9, < 14.18.3, < 16.13.2, < 17.3.1 - Improper Certificate Validation via URI SAN Type
Feb 24, 2022
CVSS 7.4
EPSS 0.08
CVE-2021-4044 HIGH
OpenSSL 3.0.0 - Infinite Loop via Certificate Verification Error Handling
Dec 14, 2021
CVSS 7.5
EPSS 0.50