Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nodejs nodejs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-39331
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined impl...
Nodejs Node.js
7.8
CVSSv2
CVE-2018-7162
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages ...
Nodejs Node.js
4.3
CVSSv2
CVE-2013-7453
The validator module prior to 1.1.0 for Node.js allows remote malicious users to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
Nodejs Node.js
NA
CVE-2022-35949
undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//...
Nodejs Undici
NA
CVE-2023-40340
Jenkins NodeJS Plugin 1.6.0 and previous versions does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs.
Jenkins Nodejs
NA
CVE-2023-32558
The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an exp...
Nodejs Node.js
NA
CVE-2023-32559
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `pr...
Nodejs Node.js
6.4
CVSSv2
CVE-2017-15896
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentica...
Nodejs Node.js
4.3
CVSSv2
CVE-2017-15897
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer imp...
Nodejs Node.js
NA
CVE-2023-30581
The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. P...
Nodejs Node.js
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »