Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
node.js vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-32222
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x before 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to O...
Nodejs Node.js
Siemens Sinec Ins 1.0
Siemens Sinec Ins
1 Github repository
NA
CVE-2022-2237
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an malicious user to benefit from an Open Redirect vulnerability in the checkSso function.
Redhat Single Sign-on 7.0
Redhat Keycloak Node.js Adapter -
695
VMScore
CVE-2019-9512
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consum...
Apple Swiftnio
Apache Traffic Server
Debian Debian Linux 10.0
Nodejs Node.js
2 Github repositories
1 Article
NA
CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerab...
Nodejs Node.js
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
NA
CVE-2022-32214
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
Llhttp Llhttp
Nodejs Node.js
Debian Debian Linux 11.0
Stormshield Stormshield Management Center
NA
CVE-2021-32050
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an...
Mongodb C\\+\\+
Mongodb Node.js
Mongodb Swift Driver
Mongodb Php Driver
Mongodb C Driver
NA
CVE-2022-35255
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() alwa...
Nodejs Node.js
Siemens Sinec Ins 1.0
Siemens Sinec Ins
Debian Debian Linux 11.0
668
VMScore
CVE-2021-22930
Node.js prior to 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
Nodejs Node.js
Netapp Nextgen Api -
Siemens Sinec Infrastructure Network Services
Debian Debian Linux 10.0
605
VMScore
CVE-2015-2927
node 0.3.2 and URONode prior to 1.0.5r3 allows remote malicious users to cause a denial of service (bandwidth consumption).
Uronode Uro Node
Nodejs Node.js 0.3.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
NA
CVE-2022-35256
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
Nodejs Node.js
Llhttp Llhttp
Siemens Sinec Ins 1.0
Siemens Sinec Ins
Debian Debian Linux 11.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »