Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nodejs node.js vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-7158
The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expressio...
Nodejs Node.js
7.5
CVSSv3
CVE-2018-1000168
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerabil...
Nghttp2 Nghttp2
Nodejs Node.js
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-14919
Node.js prior to 4.8.5, 6.x prior to 6.11.5, and 8.x prior to 8.8.0 allows remote malicious users to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
Nodejs Node.js 4.8.3
Nodejs Node.js 4.8.4
Nodejs Node.js 6.10.2
Nodejs Node.js 6.10.3
Nodejs Node.js 8.3.0
Nodejs Node.js 8.4.0
Nodejs Node.js 8.5.0
Nodejs Node.js 8.6.0
Nodejs Node.js 6.11.1
Nodejs Node.js 6.11.3
Nodejs Node.js 8.1.2
Nodejs Node.js 8.1.4
Nodejs Node.js 8.2.1
Nodejs Node.js 8.7.0
Nodejs Node.js 6.11.4
Nodejs Node.js 8.0.0
Nodejs Node.js 8.1.0
Nodejs Node.js 8.1.1
Nodejs Node.js 4.8.2
Nodejs Node.js 6.11.0
Nodejs Node.js 6.11.2
Nodejs Node.js 8.1.3
7.5
CVSSv3
CVE-2014-3744
Directory traversal vulnerability in the st module prior to 0.2.5 for Node.js allows remote malicious users to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
Nodejs Node.js
7.5
CVSSv3
CVE-2015-7384
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote malicious users to cause a denial of service.
Nodejs Node.js 4.0.0
Nodejs Node.js 4.1.0
Nodejs Node.js 4.1.1
1 Github repository
7.5
CVSSv3
CVE-2017-14849
Node.js 8.5.0 prior to 8.6.0 allows remote malicious users to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
Nodejs Node.js 8.5.0
6 Github repositories
7.5
CVSSv3
CVE-2017-11499
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building ...
Nodejs Node.js 8.0.0
Nodejs Node.js 7.0.0
Nodejs Node.js 7.4.0
Nodejs Node.js 7.5.0
Nodejs Node.js 7.9.0
Nodejs Node.js 6.0.0
Nodejs Node.js 6.11.1
Nodejs Node.js 6.2.0
Nodejs Node.js 6.6.0
Nodejs Node.js 6.7.0
Nodejs Node.js 6.9.5
Nodejs Node.js 5.0.0
Nodejs Node.js 5.12.0
Nodejs Node.js 5.2.0
Nodejs Node.js 5.7.1
Nodejs Node.js 5.8.0
Nodejs Node.js 4.2.1
Nodejs Node.js 4.2.2
Nodejs Node.js 4.3.2
Nodejs Node.js 4.4.0
Nodejs Node.js 4.4.7
Nodejs Node.js 4.5.0
7.5
CVSSv3
CVE-2015-8855
The semver package prior to 4.3.2 for Node.js allows malicious users to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
Nodejs Node.js
7.5
CVSSv3
CVE-2015-8860
The tar package prior to 2.0.0 for Node.js allows remote malicious users to write to arbitrary files via a symlink attack in an archive.
Nodejs Node.js
7.5
CVSSv3
CVE-2016-3956
The CLI in npm prior to 2.15.1 and 3.x prior to 3.8.3, as used in Node.js 0.10 prior to 0.10.44, 0.12 prior to 0.12.13, 4 prior to 4.4.2, and 5 prior to 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by rea...
Ibm Sdk
Nodejs Node.js 5.6.0
Nodejs Node.js 4.4.0
Nodejs Node.js 4.3.2
Nodejs Node.js 4.3.1
Nodejs Node.js 5.2.0
Nodejs Node.js 5.1.0
Nodejs Node.js 4.2.1
Nodejs Node.js 4.1.2
Nodejs Node.js 0.12.8
Nodejs Node.js 0.12.6
Nodejs Node.js 0.10.9
Nodejs Node.js 0.10.7
Nodejs Node.js 0.10.38
Nodejs Node.js 0.10.36
Nodejs Node.js 0.10.31
Nodejs Node.js 0.10.3
Nodejs Node.js 0.10.23
Nodejs Node.js 0.10.21
Nodejs Node.js 0.10.16
Nodejs Node.js 0.10.14
Nodejs Node.js 0.10.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5274
CVE-2024-35388
CVE-2024-35396
elevation of privilege
CVE-2021-47544
file upload
CVE-2021-47545
memory leak
CVE-2024-4956
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »