Known Vulnerabilities for Node-fetch by Node-fetch Project
Listed below are 3 of the newest known vulnerabilities associated with "Node-fetch" by "Node-fetch Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-53725 json | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to... | Not Provided | 2026-06-12 | 2026-06-13 |
| CVE-2026-53607 json | ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when `prettyUrls: ... | Not Provided | 2026-06-12 | 2026-06-15 |
| CVE-2026-48153 json | Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplie... | Not Provided | 2026-05-27 | 2026-05-27 |
| CVE-2026-45061 json | Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates t... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2026-45012 json | ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticat... | Not Provided | 2026-06-12 | 2026-06-15 |
| CVE-2026-44488 json | Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configu... | Not Provided | 2026-06-11 | 2026-06-11 |
| CVE-2026-44451 json | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX ... | Not Provided | 2026-05-26 | 2026-05-27 |
| CVE-2026-44286 json | FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vul... | Not Provided | 2026-05-08 | 2026-05-11 |
| CVE-2026-43995 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implem... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-41270 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Reques... | Not Provided | 2026-04-23 | 2026-04-25 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Node-fetch Project | Node-fetch | 3.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 3.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 3.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 3.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 3.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 3.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.6.1 | |||
| Application | Node-fetch Project | Node-fetch | 2.6.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.5.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.4.1 | |||
| Application | Node-fetch Project | Node-fetch | 2.4.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.3.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.2.1 | |||
| Application | Node-fetch Project | Node-fetch | 2.2.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.1.2 | |||
| Application | Node-fetch Project | Node-fetch | 2.1.1 | |||
| Application | Node-fetch Project | Node-fetch | 2.1.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.0.0 |