nodejs

239 tracked vulnerabilities.

CVE-2021-3672 MEDIUM
c-ares 1.0.0-1.17.1 - Domain Hijacking via DNS Hostname Validation Bypass
Nov 23, 2021
CVSS 5.6
EPSS 0.03
CVE-2021-22930 CRITICAL
Node.js <16.6.0, 14.17.4, 12.22.4 - Use After Free
Oct 07, 2021
CVSS 9.8
EPSS 0.37
CVE-2021-22940 HIGH
Node.js <16.6.1, 14.17.5, 12.22.5 - Use After Free
Aug 16, 2021
CVSS 7.5
EPSS 0.14
CVE-2021-22939 MEDIUM
Node.js 12.0.0-12.22.4 and 16.0.0-16.6.1 - Improper Certificate Validation
Aug 16, 2021
CVSS 5.3
EPSS 0.15
CVE-2021-22931 CRITICAL
Node.js <16.6.0, 14.17.4, 12.22.4 - RCE
Aug 16, 2021
CVSS 9.8
EPSS 0.22
CVE-2021-22921 HIGH
Node.js <16.4.1,14.17.2,12.22.2 - Privilege Escalation
Jul 12, 2021
CVSS 7.8
EPSS 0.07
CVE-2021-22918 MEDIUM
Node.js <16.4.1,14.17.2,12.22.2 - Info Disclosure
Jul 12, 2021
CVSS 5.3
EPSS 0.23
CVE-2021-3450 HIGH
OpenSSL 1.1.1h-1.1.1j - Certificate Chain Validation Bypass via X509_V_FLAG_X509_STRICT
Mar 25, 2021
CVSS 7.4
EPSS 0.18
CVE-2021-3449 MEDIUM
Openssl < 1.1.1k - NULL Pointer Dereference
Mar 25, 2021
CVSS 5.9
EPSS 0.63
CVE-2021-22884 HIGH
Node.js <10.24.0, 12.21.0, 14.16.0, 15.10.0 - Info Disclosure
Mar 03, 2021
CVSS 7.5
EPSS 0.32
CVE-2021-22883 HIGH
Node.js <10.24.0,12.21.0,14.16.0,15.10.0 - DoS
Mar 03, 2021
CVSS 7.5
EPSS 0.77
CVE-2021-23840 HIGH
OpenSSL 1.0.2-1.0.2x and 1.1.1-1.1.1i - Integer Overflow in EVP_CipherUpdate
Feb 16, 2021
CVSS 7.5
EPSS 0.51
CVE-2020-8287 MEDIUM
Node.js <10.23.1, 12.20.1, 14.15.4, 15.5.1 - SSRF
Jan 06, 2021
CVSS 6.5
EPSS 0.16
CVE-2020-8265 HIGH
Node.js <10.23.1, 12.20.1, 14.15.4, 15.5.1 - Use After Free
Jan 06, 2021
CVSS 8.1
EPSS 0.09
CVE-2020-1971 MEDIUM
OpenSSL 1.0.2-1.0.2w and 1.1.1-1.1.1h - Denial of Service via EDIPARTYNAME NULL Pointer Dereference
Dec 08, 2020
CVSS 5.9
EPSS 0.07
CVE-2020-8277 HIGH
Node.js <15.2.1, <14.15.1, <12.19.1 - DoS
Nov 19, 2020
CVSS 7.5
EPSS 0.54
CVE-2020-8252 HIGH
libuv <10.22.1-14.9.0 - Buffer Overflow
Sep 18, 2020
CVSS 7.8
EPSS 0.01
CVE-2020-8251 HIGH
Node.js < 14.11.0 - Denial of Service via Delayed HTTP Request Submission
Sep 18, 2020
CVSS 7.5
EPSS 0.09
CVE-2020-8201 HIGH
Node.js < 12.18.4-14.11 - Open Redirect
Sep 18, 2020
CVSS 7.4
EPSS 0.05
CVE-2020-8174 HIGH
node <10.21.0, 12.18.0, 14.4.0 - Memory Corruption
Jul 24, 2020
CVSS 8.1
EPSS 0.08
CVE-2020-8172 HIGH
Node <12.18.0-14.4.0 - SSL/TLS Verification Bypass
Jun 08, 2020
CVSS 7.4
EPSS 0.06
CVE-2020-11080 LOW
nghttp2 < 1.41.0 - Denial of Service via Large HTTP/2 SETTINGS Frame Payload
Jun 03, 2020
CVSS 3.7
EPSS 0.05
CVE-2020-10531 HIGH
International Components for Unicode < 66.1 - Heap-Based Buffer Overflow via UnicodeString::doAppend() Integer Overflow
Mar 12, 2020
CVSS 8.8
EPSS 0.03
CVE-2019-15606 CRITICAL
Node.js 10.0.0-10.18.1, 13.0.0-13.7.0 - Authorization Bypass via HTTP Header Trailing Whitespace
Feb 07, 2020
CVSS 9.8
EPSS 0.20
CVE-2019-15605 CRITICAL
Node.js 10.0.0-10.18.9, 13.0.0-13.7.0 - HTTP Request Smuggling via Malformed Transfer-Encoding
Feb 07, 2020
CVSS 9.8
EPSS 0.57