nodejs
239 tracked vulnerabilities.
CVE-2018-7162
HIGH
Node.js 9.0.0-9.11.1 - Denial of Service via TLS Handshake Message Tampering
Jun 13, 2018
CVSS 7.5
EPSS 0.07
CVE-2018-7161
HIGH
Node.js 8.0.0-8.8.0, 8.9.0-8.11.2, 10.x - Denial of Service via HTTP/2 Cleanup Bug
Jun 13, 2018
CVSS 7.5
EPSS 0.08
CVE-2018-0732
HIGH
OpenSSL 1.0.2-1.0.2o and 1.1.0-1.1.0h - Denial of Service via Large DH Prime in TLS Handshake
Jun 12, 2018
CVSS 7.5
EPSS 0.49
CVE-2018-7160
HIGH
Node.js 6.0.0-6.8.0 and 6.9.0-6.13.1 - Remote Code Execution via DNS Rebinding Attack
May 17, 2018
CVSS 8.8
EPSS 0.10
CVE-2018-7159
MEDIUM
Node.js 4.0.0-4.1.1 and 4.2.0-4.8.9 - HTTP Request Smuggling via Content-Length Header Parsing
May 17, 2018
CVSS 5.3
EPSS 0.04
CVE-2018-7158
HIGH
Node.js 4.x - Denial of Service via Regular Expression in 'path' Module
May 17, 2018
CVSS 7.5
EPSS 0.03
CVE-2018-1000168
HIGH
nghttp2 1.10.0-1.31.0 - Denial of Service via ALTSVC Frame Handling
May 08, 2018
CVSS 7.5
EPSS 0.11
CVE-2017-16024
MEDIUM
sync-exec < 0.6.2 - Insecure Temporary File
Jun 04, 2018
CVSS 6.5
EPSS 0.03
CVE-2017-15897
LOW
Node.js 8.0.0-8.8.0 and 8.9.0-8.9.2 - Improper Buffer Initialization
Dec 11, 2017
CVSS 3.1
EPSS 0.02
CVE-2017-15896
CRITICAL
Node.js 4.0.0-4.1.1 and 4.2.0-4.8.6 - TLS Authentication Bypass via OpenSSL CVE-2017-3737
Dec 11, 2017
CVSS 9.1
EPSS 0.02
CVE-2017-3738
MEDIUM
AVX2 Montgomery multiplication - Buffer Overflow
Dec 07, 2017
CVSS 5.9
EPSS 0.13
CVE-2017-14919
HIGH
Node.js <4.8.5,6.x<6.11.5,8.x<8.8.0 - DoS
Oct 30, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-14849
HIGH
NUCLEI
Node.js <8.6.0 - Directory Traversal
Sep 28, 2017
CVSS 7.5
EPSS 0.54
CVE-2017-11499
HIGH
Node.js 4.0-4.8.3 5.x 6.0-6.11.0 7.0-7.10.0 8.0-8.1.3 - Denial of Service via Hash Flooding
Jul 25, 2017
CVSS 7.5
EPSS 0.05
CVE-2017-1000381
HIGH
c-ares - Information Disclosure via NAPTR Response Parsing
Jul 07, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-3732
MEDIUM
OpenSSL <1.0.2k, 1.1.0<1.1.0d - Memory Corruption
May 04, 2017
CVSS 5.9
EPSS 0.16
CVE-2017-3731
HIGH
OpenSSL <1.1.0/1.0.2 - Use After Free
May 04, 2017
CVSS 7.5
EPSS 0.58
CVE-2016-9843
CRITICAL
zlib 1.2.0-1.2.8 - Unspecified Impact via Big-Endian CRC Calculation
May 23, 2017
CVSS 9.8
EPSS 0.06
CVE-2016-9842
HIGH
zlib 1.2.3.4-1.2.8 - Integer Overflow via Left Shift of Negative Integer
May 23, 2017
CVSS 8.8
EPSS 0.05
CVE-2016-9841
CRITICAL
zlib 1.2.0-1.2.8 - Use-After-Free in inffast.c
May 23, 2017
CVSS 9.8
EPSS 0.07
CVE-2016-9840
HIGH
zlib <1.2.8 - Info Disclosure
May 23, 2017
CVSS 8.8
EPSS 0.05
CVE-2016-7055
MEDIUM
OpenSSL 1.0.2-1.1.0c - Carry Propagating Bug in Montgomery Multiplication
May 04, 2017
CVSS 5.9
EPSS 0.14
CVE-2016-7099
MEDIUM
Node.js <4.6.0 - Man-in-the-Middle Attack
Oct 10, 2016
CVSS 5.9
EPSS 0.03
CVE-2016-5325
MEDIUM
Node.js HTTP Response Splitting via ServerResponse#writeHead
Oct 10, 2016
CVSS 6.1
EPSS 0.04
CVE-2016-5180
CRITICAL
c-ares < 1.12.0 - Heap-based Buffer Overflow via Escaped Trailing Dot in Hostname
Oct 03, 2016
CVSS 9.8
EPSS 0.09
Products
Quick Filters