nodejs

219 tracked vulnerabilities.

CVE-2018-0735 MEDIUM
OpenSSL 1.1.0-1.1.0i and 1.1.1 - Timing Side Channel Attack in ECDSA Signature Algorithm
Oct 29, 2018
CVSS 5.9
EPSS 0.05
CVE-2018-7166 HIGH
Node.js 10 <10.9.0 - Buffer Overflow
Aug 21, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-12115 HIGH
Node.js <6.14.4,8.11.4,10.9.0 - Memory Corruption
Aug 21, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-7167 HIGH
Node.js 6.9.0-6.14.2 and 9.0.0-9.11.1 - Denial of Service via Buffer.fill() or Buffer.alloc()
Jun 13, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-7164 HIGH
Node.js 9.7.0-9.11.2 - Denial of Service via net.Socket Stream Memory Consumption
Jun 13, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-7162 HIGH
Node.js 9.0.0-9.11.1 - Denial of Service via TLS Handshake Message Tampering
Jun 13, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-7161 HIGH
Node.js 8.0.0-8.8.0, 8.9.0-8.11.2, 10.x - Denial of Service via HTTP/2 Cleanup Bug
Jun 13, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-0732 HIGH
OpenSSL 1.0.2-1.0.2o and 1.1.0-1.1.0h - Denial of Service via Large DH Prime in TLS Handshake
Jun 12, 2018
CVSS 7.5
EPSS 0.78
CVE-2018-7160 HIGH
Node.js 6.0.0-6.8.0 and 6.9.0-6.13.1 - Remote Code Execution via DNS Rebinding Attack
May 17, 2018
CVSS 8.8
EPSS 0.02
CVE-2018-7159 MEDIUM
Node.js 4.0.0-4.1.1 and 4.2.0-4.8.9 - HTTP Request Smuggling via Content-Length Header Parsing
May 17, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-7158 HIGH
Node.js 4.x - Denial of Service via Regular Expression in 'path' Module
May 17, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-1000168 HIGH
nghttp2 1.10.0-1.31.0 - Denial of Service via ALTSVC Frame Handling
May 08, 2018
CVSS 7.5
EPSS 0.03
CVE-2017-16024 MEDIUM
sync-exec < 0.6.2 - Insecure Temporary File
Jun 04, 2018
CVSS 6.5
EPSS 0.00
CVE-2017-15897 LOW
Node.js 8.0.0-8.8.0 and 8.9.0-8.9.2 - Improper Buffer Initialization
Dec 11, 2017
CVSS 3.1
EPSS 0.01
CVE-2017-15896 CRITICAL
Node.js 4.0.0-4.1.1 and 4.2.0-4.8.6 - TLS Authentication Bypass via OpenSSL CVE-2017-3737
Dec 11, 2017
CVSS 9.1
EPSS 0.00
CVE-2017-3738 MEDIUM
AVX2 Montgomery multiplication - Buffer Overflow
Dec 07, 2017
CVSS 5.9
EPSS 0.16
CVE-2017-14919 HIGH
Node.js <4.8.5,6.x<6.11.5,8.x<8.8.0 - DoS
Oct 30, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-14849 HIGH NUCLEI
Node.js <8.6.0 - Directory Traversal
Sep 28, 2017
CVSS 7.5
EPSS 0.90
CVE-2017-11499 HIGH
Node.js 4.0-4.8.3 5.x 6.0-6.11.0 7.0-7.10.0 8.0-8.1.3 - Denial of Service via Hash Flooding
Jul 25, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-1000381 HIGH
c-ares - Information Disclosure via NAPTR Response Parsing
Jul 07, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-3732 MEDIUM
OpenSSL <1.0.2k, 1.1.0<1.1.0d - Memory Corruption
May 04, 2017
CVSS 5.9
EPSS 0.05
CVE-2017-3731 HIGH
OpenSSL <1.1.0/1.0.2 - Use After Free
May 04, 2017
CVSS 7.5
EPSS 0.09
CVE-2016-9843 CRITICAL
zlib 1.2.0-1.2.8 - Unspecified Impact via Big-Endian CRC Calculation
May 23, 2017
CVSS 9.8
EPSS 0.12
CVE-2016-9842 HIGH
zlib 1.2.3.4-1.2.8 - Integer Overflow via Left Shift of Negative Integer
May 23, 2017
CVSS 8.8
EPSS 0.10
CVE-2016-9841 CRITICAL
zlib 1.2.0-1.2.8 - Use-After-Free in inffast.c
May 23, 2017
CVSS 9.8
EPSS 0.14
Products
node.js 163 undici 22 Node 18 node 14 nodejs 4
Quick Filters
Critical CVEs With Exploits In CISA KEV