Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nodejs node.js vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-1000168
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerabil...
Nghttp2 Nghttp2
Nodejs Node.js
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-14919
Node.js prior to 4.8.5, 6.x prior to 6.11.5, and 8.x prior to 8.8.0 allows remote malicious users to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
Nodejs Node.js 6.11.1
Nodejs Node.js 8.1.1
Nodejs Node.js 8.1.3
Nodejs Node.js 6.10.3
Nodejs Node.js 8.0.0
Nodejs Node.js 4.8.3
Nodejs Node.js 8.1.0
Nodejs Node.js 8.1.2
Nodejs Node.js 4.8.2
Nodejs Node.js 6.11.0
Nodejs Node.js 6.10.2
Nodejs Node.js 8.5.0
Nodejs Node.js 4.8.4
Nodejs Node.js 6.11.2
Nodejs Node.js 6.11.3
Nodejs Node.js 6.11.4
Nodejs Node.js 8.1.4
Nodejs Node.js 8.2.0
Nodejs Node.js 8.2.1
Nodejs Node.js 8.3.0
Nodejs Node.js 8.4.0
Nodejs Node.js 8.6.0
7.5
CVSSv3
CVE-2014-3744
Directory traversal vulnerability in the st module prior to 0.2.5 for Node.js allows remote malicious users to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
Nodejs Node.js
7.5
CVSSv3
CVE-2015-7384
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote malicious users to cause a denial of service.
Nodejs Node.js 4.0.0
Nodejs Node.js 4.1.1
Nodejs Node.js 4.1.0
1 Github repository
7.5
CVSSv3
CVE-2017-14849
Node.js 8.5.0 prior to 8.6.0 allows remote malicious users to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
Nodejs Node.js 8.5.0
6 Github repositories
7.5
CVSSv3
CVE-2017-11499
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building ...
Nodejs Node.js 6.0.0
Nodejs Node.js 5.10.0
Nodejs Node.js 4.3.0
Nodejs Node.js 7.8.0
Nodejs Node.js 4.0.0
Nodejs Node.js 4.5.0
Nodejs Node.js 6.2.0
Nodejs Node.js 4.3.2
Nodejs Node.js 4.6.2
Nodejs Node.js 4.4.4
Nodejs Node.js 6.11.1
Nodejs Node.js 7.7.0
Nodejs Node.js 6.9.0
Nodejs Node.js 5.12.0
Nodejs Node.js 6.3.0
Nodejs Node.js 5.2.0
Nodejs Node.js 4.3.1
Nodejs Node.js 5.5.0
Nodejs Node.js 7.4.0
Nodejs Node.js 5.9.0
Nodejs Node.js 8.1.1
Nodejs Node.js 8.1.3
7.5
CVSSv3
CVE-2015-8855
The semver package prior to 4.3.2 for Node.js allows malicious users to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
Nodejs Node.js
7.5
CVSSv3
CVE-2015-8860
The tar package prior to 2.0.0 for Node.js allows remote malicious users to write to arbitrary files via a symlink attack in an archive.
Nodejs Node.js
7.5
CVSSv3
CVE-2016-3956
The CLI in npm prior to 2.15.1 and 3.x prior to 3.8.3, as used in Node.js 0.10 prior to 0.10.44, 0.12 prior to 0.12.13, 4 prior to 4.4.2, and 5 prior to 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by rea...
Ibm Sdk
Nodejs Node.js 0.10.9
Nodejs Node.js 4.3.0
Nodejs Node.js 0.10.11
Nodejs Node.js 4.0.0
Nodejs Node.js 0.10.21
Nodejs Node.js 0.10.4
Nodejs Node.js 4.3.2
Nodejs Node.js 0.12.4
Nodejs Node.js 0.10.41
Nodejs Node.js 0.10.20
Nodejs Node.js 0.10.18
Nodejs Node.js 0.10.39
Nodejs Node.js 0.10.29
Nodejs Node.js 5.2.0
Nodejs Node.js 0.10.31
Nodejs Node.js 4.3.1
Nodejs Node.js 0.10.2
Nodejs Node.js 5.5.0
Nodejs Node.js 5.9.0
Nodejs Node.js 0.10.30
Nodejs Node.js 0.12.7
7.5
CVSSv3
CVE-2016-2216
The HTTP header parsing code in Node.js 0.10.x prior to 0.10.42, 0.11.6 up to and including 0.11.16, 0.12.x prior to 0.12.10, 4.x prior to 4.3.0, and 5.x prior to 5.6.0 allows remote malicious users to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unico...
Nodejs Node.js 0.10.9
Nodejs Node.js 0.10.11
Nodejs Node.js 4.0.0
Nodejs Node.js 0.10.21
Nodejs Node.js 0.10.4
Nodejs Node.js 0.12.4
Nodejs Node.js 0.10.41
Nodejs Node.js 0.10.20
Nodejs Node.js 0.10.18
Nodejs Node.js 0.10.39
Nodejs Node.js 0.11.7
Nodejs Node.js 0.10.29
Nodejs Node.js 5.2.0
Nodejs Node.js 0.10.31
Nodejs Node.js 0.10.2
Nodejs Node.js 5.5.0
Nodejs Node.js 0.10.30
Nodejs Node.js 0.12.7
Nodejs Node.js 0.11.6
Nodejs Node.js 0.11.14
Nodejs Node.js 0.10.25
Nodejs Node.js 0.10.14
26 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »