Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nodejs vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2013-7453
The validator module prior to 1.1.0 for Node.js allows remote malicious users to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
Nodejs Node.js
7.5
CVSSv3
CVE-2015-8855
The semver package prior to 4.3.2 for Node.js allows malicious users to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
Nodejs Node.js
7.5
CVSSv3
CVE-2015-8860
The tar package prior to 2.0.0 for Node.js allows remote malicious users to write to arbitrary files via a symlink attack in an archive.
Nodejs Node.js
7.5
CVSSv3
CVE-2023-30581
The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. P...
Nodejs Node.js
1 Github repository
5.3
CVSSv3
CVE-2023-30588
When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when acces...
Nodejs Node.js
7.5
CVSSv3
CVE-2023-30590
The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivat...
Nodejs Node.js
6.5
CVSSv3
CVE-2018-21270
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
Nodejs Node.js
7.5
CVSSv3
CVE-2023-40340
Jenkins NodeJS Plugin 1.6.0 and previous versions does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs.
Jenkins Nodejs
6.1
CVSSv3
CVE-2014-9772
The validator package prior to 2.0.0 for Node.js allows remote malicious users to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
Nodejs Node.js
7.5
CVSSv3
CVE-2023-32558
The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an exp...
Nodejs Node.js
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »