Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nodejs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerab...
Nodejs Node.js
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
695
VMScore
CVE-2019-9512
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consum...
Apple Swiftnio
Apache Traffic Server
Debian Debian Linux 10.0
Nodejs Node.js
2 Github repositories
1 Article
NA
CVE-2023-45143
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be se...
Nodejs Undici
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
NA
CVE-2022-32214
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
Llhttp Llhttp
Nodejs Node.js
Debian Debian Linux 11.0
Stormshield Stormshield Management Center
NA
CVE-2022-35255
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() alwa...
Nodejs Node.js
Siemens Sinec Ins 1.0
Siemens Sinec Ins
Debian Debian Linux 11.0
668
VMScore
CVE-2021-22930
Node.js prior to 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
Nodejs Node.js
Netapp Nextgen Api -
Siemens Sinec Infrastructure Network Services
Debian Debian Linux 10.0
605
VMScore
CVE-2015-2927
node 0.3.2 and URONode prior to 1.0.5r3 allows remote malicious users to cause a denial of service (bandwidth consumption).
Uronode Uro Node
Nodejs Node.js 0.3.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
NA
CVE-2022-35256
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
Nodejs Node.js
Llhttp Llhttp
Siemens Sinec Ins 1.0
Siemens Sinec Ins
Debian Debian Linux 11.0
605
VMScore
CVE-2020-8265
Node.js versions prior to 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If...
Nodejs Node.js
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Graalvm 19.3.4
Oracle Graalvm 20.3.0
Siemens Sinec Infrastructure Network Services
570
VMScore
CVE-2020-8287
Node.js versions prior to 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smug...
Nodejs Node.js
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Graalvm 19.3.4
Oracle Graalvm 20.3.0
Siemens Sinec Infrastructure Network Services
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »