nodejs

219 tracked vulnerabilities.

CVE-2016-9840 HIGH
zlib <1.2.8 - Info Disclosure
May 23, 2017
CVSS 8.8
EPSS 0.10
CVE-2016-7055 MEDIUM
OpenSSL 1.0.2-1.1.0c - Carry Propagating Bug in Montgomery Multiplication
May 04, 2017
CVSS 5.9
EPSS 0.03
CVE-2016-7099 MEDIUM
Node.js <4.6.0 - Man-in-the-Middle Attack
Oct 10, 2016
CVSS 5.9
EPSS 0.01
CVE-2016-5325 MEDIUM
Node.js HTTP Response Splitting via ServerResponse#writeHead
Oct 10, 2016
CVSS 6.1
EPSS 0.01
CVE-2016-5180 CRITICAL
c-ares < 1.12.0 - Heap-based Buffer Overflow via Escaped Trailing Dot in Hostname
Oct 03, 2016
CVSS 9.8
EPSS 0.20
CVE-2016-7052 HIGH
Novell Suse Linux Enterprise Module F... - NULL Pointer Dereference
Sep 26, 2016
CVSS 7.5
EPSS 0.10
CVE-2016-6306 MEDIUM
OpenSSL < 1.0.1u and 1.0.2 < 1.0.2i - Denial of Service via Certificate Parser Out-of-bounds Read
Sep 26, 2016
CVSS 5.9
EPSS 0.08
CVE-2016-6304 HIGH
OpenSSL <1.0.1u, <1.0.2i, <1.1.0a - DoS
Sep 26, 2016
CVSS 7.5
EPSS 0.18
CVE-2016-5172 MEDIUM
Google Chrome < 53.0.2785.113 - Exposure of Sensitive Information via V8 Parser Scope Mishandling
Sep 25, 2016
CVSS 6.5
EPSS 0.01
CVE-2016-6303 CRITICAL
Node.js < 0.12.16 - Out-of-bounds Write in MDC2_Update
Sep 16, 2016
CVSS 9.8
EPSS 0.26
CVE-2016-2183 HIGH
Redhat Jboss Enterprise Application Platform - Information Disclosure
Sep 01, 2016
CVSS 7.5
EPSS 0.38
CVE-2016-3956 HIGH
npm <2.15.1,3.x <3.8.3 - Info Disclosure
Jul 02, 2016
CVSS 7.5
EPSS 0.03
CVE-2016-2178 MEDIUM
OpenSSL - Timing Side-Channel Attack in DSA Signing
Jun 20, 2016
CVSS 5.5
EPSS 0.00
CVE-2016-1669 HIGH
Google V8 <5.0.71.47 - Buffer Overflow
May 14, 2016
CVSS 8.8
EPSS 0.02
CVE-2016-2107 MEDIUM
Redhat Enterprise Linux Desktop < 1.0.1s - Information Disclosure
May 05, 2016
CVSS 5.9
EPSS 0.80
CVE-2016-2105 HIGH
Redhat Enterprise Linux Desktop < 5.6.30 - Integer Overflow
May 05, 2016
CVSS 7.5
EPSS 0.42
CVE-2016-2216 HIGH
Node.js HTTP Response Splitting via UTF-8 Encoded Unicode Characters
Apr 07, 2016
CVSS 7.5
EPSS 0.02
CVE-2016-2086 HIGH
Node.js 0.10.x < 0.10.42, 0.12.x < 0.12.10, 4.x < 4.3.0, 5.x < 5.6.0 - HTTP Request Smuggling via Content-Length Header
Apr 07, 2016
CVSS 7.5
EPSS 0.00
CVE-2016-0797 HIGH
OpenSSL 1.0.1-1.0.1s and 1.0.2-1.0.2g - Denial of Service via BN_dec2bn and BN_hex2bn Integer Overflow
Mar 03, 2016
CVSS 7.5
EPSS 0.34
CVE-2016-0702 MEDIUM
OpenSSL <1.0.1s-1.0.2g - Info Disclosure
Mar 03, 2016
CVSS 5.1
EPSS 0.00
CVE-2015-7384 HIGH
Node.js 4.0.0-4.1.1 - Denial of Service via Uncontrolled Resource Consumption
Oct 10, 2017
CVSS 7.5
EPSS 0.01
CVE-2015-2927 MEDIUM
node.js 0.3.2 and URONode < 1.0.5 - Denial of Service
Sep 20, 2017
CVSS 6.5
EPSS 0.01
CVE-2015-8860 HIGH
Nodejs Node.js < 1.8.4 - Symlink Following
Jan 23, 2017
CVSS 7.5
EPSS 0.00
CVE-2015-8855 HIGH
Nodejs Node.js < 4.3.1 - Resource Management Error
Jan 23, 2017
CVSS 7.5
EPSS 0.01
CVE-2015-8027 HIGH
Node.js <0.12.9, <4.2.3, <5.1.1 - DoS
Jan 02, 2016
CVSS 7.5
EPSS 0.01
Products
node.js 163 undici 22 Node 18 node 14 nodejs 4
Quick Filters
Critical CVEs With Exploits In CISA KEV