Vulmon
nodejs node.js vulnerabilities and exploits
445
VMScore
CVE-2015-8860
The tar package prior to 2.0.0 for Node.js allows remote malicious users to write to arbitrary files via a symlink attack in an archive.
Nodejs Node.js
445
VMScore
CVE-2016-3956
The CLI in npm prior to 2.15.1 and 3.x prior to 3.8.3, as used in Node.js 0.10 prior to 0.10.44, 0.12 prior to 0.12.13, 4 prior to 4.4.2, and 5 prior to 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by rea...
Ibm Sdk
Nodejs Node.js 0.10.9
Nodejs Node.js 4.3.0
Nodejs Node.js 0.10.11
Nodejs Node.js 4.0.0
Nodejs Node.js 0.10.21
Nodejs Node.js 0.10.4
Nodejs Node.js 4.3.2
Nodejs Node.js 0.12.4
Nodejs Node.js 0.10.41
Nodejs Node.js 0.10.20
Nodejs Node.js 0.10.18
Nodejs Node.js 0.10.39
Nodejs Node.js 0.10.29
Nodejs Node.js 5.2.0
Nodejs Node.js 0.10.31
Nodejs Node.js 4.3.1
Nodejs Node.js 0.10.2
Nodejs Node.js 5.5.0
Nodejs Node.js 5.9.0
Nodejs Node.js 0.10.30
Nodejs Node.js 0.12.7
445
VMScore
CVE-2016-2086
Node.js 0.10.x prior to 0.10.42, 0.12.x prior to 0.12.10, 4.x prior to 4.3.0, and 5.x prior to 5.6.0 allow remote malicious users to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Nodejs Node.js 0.10.9
Nodejs Node.js 0.10.11
Nodejs Node.js 4.0.0
Nodejs Node.js 0.10.21
Nodejs Node.js 0.10.4
Nodejs Node.js 0.12.4
Nodejs Node.js 0.10.41
Nodejs Node.js 0.10.20
Nodejs Node.js 0.10.18
Nodejs Node.js 0.10.39
Nodejs Node.js 0.10.29
Nodejs Node.js 5.2.0
Nodejs Node.js 0.10.31
Nodejs Node.js 0.10.2
Nodejs Node.js 5.5.0
Nodejs Node.js 0.10.30
Nodejs Node.js 0.12.7
Nodejs Node.js 0.10.25
Nodejs Node.js 0.10.14
Nodejs Node.js 4.1.1
Nodejs Node.js 4.2.3
Nodejs Node.js 5.4.0
1 Article
445
VMScore
CVE-2015-3193
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 prior to 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote malicious users to obt...
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.2b
Openssl Openssl 1.0.2c
Openssl Openssl 1.0.2
Openssl Openssl 1.0.2d
Nodejs Node.js
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
1 Github repository
445
VMScore
CVE-2014-7191
The qs module prior to 1.0.0 in Node.js does not call the compact function for array data, which allows remote malicious users to cause a denial of service (memory consumption) by using a large index value to create a sparse array.
Nodejs Node.js
445
VMScore
CVE-2014-5256
Node.js 0.8 prior to 0.8.28 and 0.10 prior to 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote malicious users to cause a denial of service (memory corruption and applicat...
Nodejs Nodejs 0.10.2
Nodejs Nodejs 0.8.0
Nodejs Nodejs 0.8.14
Nodejs Nodejs 0.8.12
Nodejs Nodejs 0.10.0
Nodejs Nodejs 0.8.5
Nodejs Nodejs 0.8.22
Nodejs Nodejs 0.10.1
Nodejs Nodejs 0.10.14
Nodejs Nodejs 0.10.9
Nodejs Nodejs 0.10.15
Nodejs Nodejs 0.8.19
Nodejs Nodejs 0.10.28
Nodejs Nodejs 0.10.3
Nodejs Nodejs 0.10.6
Nodejs Nodejs 0.8.3
Nodejs Nodejs 0.8.6
Nodejs Nodejs 0.8.26
Nodejs Nodejs 0.8.10
Nodejs Nodejs 0.8.4
Nodejs Nodejs 0.8.8
Nodejs Nodejs 0.10.29
1 Github repository
409
VMScore
CVE-2020-8252
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
Nodejs Node.js
Opensuse Leap 15.2
Fedoraproject Fedora 33
392
VMScore
CVE-2021-37701
The npm package "tar" (aka node-tar) prior to 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. Thi...
Npmjs Tar
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
392
VMScore
CVE-2021-37712
The npm package "tar" (aka node-tar) prior to 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. Th...
Npmjs Tar
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
392
VMScore
CVE-2021-22921
Node.js prior to 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows a malicious user to perform two differen...
Nodejs Node.js
Siemens Sinec Infrastructure Network Services