Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nodejs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-7191
The qs module prior to 1.0.0 in Node.js does not call the compact function for array data, which allows remote malicious users to cause a denial of service (memory consumption) by using a large index value to create a sparse array.
Nodejs Node.js
7.5
CVSSv3
CVE-2023-24807
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular...
Nodejs Undici
7.5
CVSSv3
CVE-2023-23919
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that...
Nodejs Node.js
9.8
CVSSv3
CVE-2023-32002
The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note th...
Nodejs Node.js
5.3
CVSSv3
CVE-2023-32005
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.stat...
Nodejs Node.js
6.5
CVSSv3
CVE-2022-32210
`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS r...
Nodejs Undici
7.3
CVSSv3
CVE-2022-32223
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\...
Nodejs Node.js
1 Github repository
6.1
CVSSv3
CVE-2013-7451
The validator module prior to 1.1.0 for Node.js allows remote malicious users to bypass the XSS filter via a nested tag.
Nodejs Node.js 1.0.4
8.8
CVSSv3
CVE-2020-7596
Codecov npm module prior to 3.6.2 allows remote malicious users to execute arbitrary commands via the "gcov-args" argument.
Codecov Nodejs Uploader
7.5
CVSSv3
CVE-2017-14849
Node.js 8.5.0 prior to 8.6.0 allows remote malicious users to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
Nodejs Node.js 8.5.0
6 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »