nodejs
239 tracked vulnerabilities.
CVE-2023-23918
HIGH
Node.js <19.6.1, <18.14.1, <16.19.1, <14.21.3 - Privilege Escalation
Feb 23, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-24807
HIGH
Undici < 5.19.1 - Regular Expression Denial of Service via Header Value Normalization
Feb 16, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-23936
MEDIUM
Undici <5.19.1 - CRLF Injection
Feb 16, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-43548
HIGH
Node.js <14.21.1, <16.18.1, <18.12.1, <19.0.1 - Command Injection
Dec 05, 2022
CVSS 8.1
EPSS 0.14
CVE-2022-35256
MEDIUM
Node.js 14.0.0-14.13.1, 14.15.0-14.20.0 and llhttp < 6.0.10 - HTTP Request Smuggling via Header Field Parsing
Dec 05, 2022
CVSS 6.5
EPSS 0.03
CVE-2022-35255
CRITICAL
Node.js 15.0.0-15.13.0 and 16.13.0-16.17.0 - Weak Cryptographic Key Generation via WebCrypto EntropySource
Dec 05, 2022
CVSS 9.1
EPSS 0.02
CVE-2022-3786
HIGH
OpenSSL 3.0.0-3.0.7 - Buffer Overflow in X.509 Certificate Name Constraint Checking
Nov 01, 2022
CVSS 7.5
EPSS 0.92
CVE-2022-3602
HIGH
OpenSSL 3.0.0-3.0.6 - Buffer Overflow in X.509 Certificate Name Constraint Checking
Nov 01, 2022
CVSS 7.5
EPSS 0.91
CVE-2022-35948
MEDIUM
undici < 5.8.1 - CRLF Injection via Content-Type Header
Aug 15, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-35949
MEDIUM
undici <5.8.2 - Server-Side Request Forgery via pathname URL Confusion
Aug 12, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-31151
LOW
undici < 5.7.1 - Cookie Header Leakage on Cross-Origin Redirect
Jul 21, 2022
CVSS 3.7
EPSS 0.01
CVE-2022-31150
MEDIUM
undici < 5.8.0 - CRLF Injection in HTTP Headers
Jul 19, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-32223
HIGH
Node.js 14.0.0-14.13.1 and 14.14.0-14.19.3 - DLL Hijacking via OpenSSL Configuration Path
Jul 14, 2022
CVSS 7.3
EPSS 0.02
CVE-2022-32222
MEDIUM
Node.js 18.x < 18.40.0 - Cryptographic Configuration Path Vulnerability
Jul 14, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-32215
MEDIUM
llhttp <14.20.1, <16.17.1, <18.9.1 - HTTP Request Smuggling via Multi-line Transfer-Encoding Header
Jul 14, 2022
CVSS 6.5
EPSS 0.69
CVE-2022-32214
MEDIUM
llhttp < 2.1.5 - HTTP Request Smuggling via CRLF Sequence Mismanagement
Jul 14, 2022
CVSS 6.5
EPSS 0.81
CVE-2022-32213
MEDIUM
llhttp < 2.1.5 - HTTP Request Smuggling via Transfer-Encoding Header
Jul 14, 2022
CVSS 6.5
EPSS 0.42
CVE-2022-32212
HIGH
Node.js <14.20.0, <16.20.0, <18.5.0 - OS Command Injection via IsAllowedHost Bypass
Jul 14, 2022
CVSS 8.1
EPSS 0.06
CVE-2022-32210
MEDIUM
Undici 4.8.2-5.5.0 - Improper Certificate Validation in ProxyAgent
Jul 14, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-0778
HIGH
OpenSSL 1.0.2-1.0.2zc, 1.1.1-1.1.1m, 3.0.0-3.0.1 - Denial of Service via BN_mod_sqrt Infinite Loop
Mar 15, 2022
CVSS 7.5
EPSS 0.71
CVE-2022-21824
HIGH
Node.js 12.0.0-12.22.8 and 17.0.0-17.3.0 - Prototype Pollution via console.table() Properties Parameter
Feb 24, 2022
CVSS 8.2
EPSS 0.22
CVE-2021-44533
MEDIUM
Node.js Certificate Validation Flaw via Multi-Value RDN
Feb 24, 2022
CVSS 5.3
EPSS 0.09
CVE-2021-44532
MEDIUM
Node.js < 12.22.9, < 14.18.3, < 16.13.2, < 17.3.1 - Code Injection
Feb 24, 2022
CVSS 5.3
EPSS 0.10
CVE-2021-44531
HIGH
Node.js < 12.22.9, < 14.18.3, < 16.13.2, < 17.3.1 - Improper Certificate Validation via URI SAN Type
Feb 24, 2022
CVSS 7.4
EPSS 0.08
CVE-2021-4044
HIGH
OpenSSL 3.0.0 - Infinite Loop via Certificate Verification Error Handling
Dec 14, 2021
CVSS 7.5
EPSS 0.50
Products
Quick Filters