Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nodejs node.js vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-7164
Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial o...
Nodejs Node.js
5
CVSSv2
CVE-2018-7158
The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expressio...
Nodejs Node.js
5
CVSSv2
CVE-2018-1000168
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerabil...
Nghttp2 Nghttp2
Nodejs Node.js
Debian Debian Linux 9.0
5
CVSSv2
CVE-2017-14919
Node.js prior to 4.8.5, 6.x prior to 6.11.5, and 8.x prior to 8.8.0 allows remote malicious users to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
Nodejs Node.js 4.8.3
Nodejs Node.js 4.8.4
Nodejs Node.js 6.10.2
Nodejs Node.js 6.10.3
Nodejs Node.js 8.3.0
Nodejs Node.js 8.4.0
Nodejs Node.js 8.5.0
Nodejs Node.js 8.6.0
Nodejs Node.js 6.11.1
Nodejs Node.js 6.11.3
Nodejs Node.js 8.1.2
Nodejs Node.js 8.1.4
Nodejs Node.js 8.2.1
Nodejs Node.js 8.7.0
Nodejs Node.js 6.11.4
Nodejs Node.js 8.0.0
Nodejs Node.js 8.1.0
Nodejs Node.js 8.1.1
Nodejs Node.js 4.8.2
Nodejs Node.js 6.11.0
Nodejs Node.js 6.11.2
Nodejs Node.js 8.1.3
5
CVSSv2
CVE-2014-3744
Directory traversal vulnerability in the st module prior to 0.2.5 for Node.js allows remote malicious users to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
Nodejs Node.js
5
CVSSv2
CVE-2015-7384
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote malicious users to cause a denial of service.
Nodejs Node.js 4.0.0
Nodejs Node.js 4.1.0
Nodejs Node.js 4.1.1
1 Github repository
5
CVSSv2
CVE-2017-14849
Node.js 8.5.0 prior to 8.6.0 allows remote malicious users to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
Nodejs Node.js 8.5.0
6 Github repositories
5
CVSSv2
CVE-2017-11499
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building ...
Nodejs Node.js 8.0.0
Nodejs Node.js 7.0.0
Nodejs Node.js 7.4.0
Nodejs Node.js 7.5.0
Nodejs Node.js 7.9.0
Nodejs Node.js 6.0.0
Nodejs Node.js 6.11.1
Nodejs Node.js 6.2.0
Nodejs Node.js 6.6.0
Nodejs Node.js 6.7.0
Nodejs Node.js 6.9.5
Nodejs Node.js 5.0.0
Nodejs Node.js 5.12.0
Nodejs Node.js 5.2.0
Nodejs Node.js 5.7.1
Nodejs Node.js 5.8.0
Nodejs Node.js 4.2.1
Nodejs Node.js 4.2.2
Nodejs Node.js 4.3.2
Nodejs Node.js 4.4.0
Nodejs Node.js 4.4.7
Nodejs Node.js 4.5.0
5
CVSSv2
CVE-2015-8860
The tar package prior to 2.0.0 for Node.js allows remote malicious users to write to arbitrary files via a symlink attack in an archive.
Nodejs Node.js
5
CVSSv2
CVE-2016-3956
The CLI in npm prior to 2.15.1 and 3.x prior to 3.8.3, as used in Node.js 0.10 prior to 0.10.44, 0.12 prior to 0.12.13, 4 prior to 4.4.2, and 5 prior to 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by rea...
Ibm Sdk
Nodejs Node.js 5.6.0
Nodejs Node.js 4.4.0
Nodejs Node.js 4.3.2
Nodejs Node.js 4.3.1
Nodejs Node.js 5.2.0
Nodejs Node.js 5.1.0
Nodejs Node.js 4.2.1
Nodejs Node.js 4.1.2
Nodejs Node.js 0.12.8
Nodejs Node.js 0.12.6
Nodejs Node.js 0.10.9
Nodejs Node.js 0.10.7
Nodejs Node.js 0.10.38
Nodejs Node.js 0.10.36
Nodejs Node.js 0.10.31
Nodejs Node.js 0.10.3
Nodejs Node.js 0.10.23
Nodejs Node.js 0.10.21
Nodejs Node.js 0.10.16
Nodejs Node.js 0.10.14
Nodejs Node.js 0.10.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »