Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nodejs node.js vulnerabilities and exploits
(subscribe to this query)
232
VMScore
CVE-2016-7055
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 prior to 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are imp...
Openssl Openssl
Nodejs Node.js
605
VMScore
CVE-2014-9748
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv prior to 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows malicious users to cause a denial of service (deadlock) or possibly have unspecified other impa...
Libuv Libuv
Nodejs Node.js
NA
CVE-2023-39332
Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004)...
Nodejs Node.js
Fedoraproject Fedora 39
445
VMScore
CVE-2020-8251
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
Nodejs Node.js
Fedoraproject Fedora 33
446
VMScore
CVE-2019-5737
In Node.js including 6.x prior to 6.17.0, 8.x prior to 8.15.1, 10.x prior to 10.15.2, and 11.x prior to 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the conne...
Nodejs Node.js
Opensuse Leap 42.3
445
VMScore
CVE-2019-5739
Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and previous versions. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and previous versions is a pote...
Nodejs Node.js
Opensuse Leap 42.3
NA
CVE-2023-23920
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an malicious user to search and potentially load ICU data when running with elevated privileges.
Nodejs Node.js
Debian Debian Linux 10.0
445
VMScore
CVE-2021-22918
Node.js prior to 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. ...
Nodejs Node.js
Siemens Sinec Infrastructure Network Services
392
VMScore
CVE-2021-22921
Node.js prior to 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an malicious user to perform two differen...
Nodejs Node.js
Siemens Sinec Infrastructure Network Services
356
VMScore
CVE-2017-16024
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain ...
Sync-exec Project Sync-exec
Nodejs Node.js
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »