Known Vulnerabilities for Node-fetch by Node-fetch Project
Listed below are 3 of the newest known vulnerabilities associated with "Node-fetch" by "Node-fetch Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-48153 json | Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplie... | Not Provided | 2026-05-27 | 2026-05-27 |
| CVE-2026-45061 json | Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates t... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2026-44451 json | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX ... | Not Provided | 2026-05-26 | 2026-05-27 |
| CVE-2026-44286 json | FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vul... | Not Provided | 2026-05-08 | 2026-05-11 |
| CVE-2026-43995 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implem... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-41270 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Reques... | Not Provided | 2026-04-23 | 2026-04-25 |
| CVE-2026-39311 json | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. V... | Not Provided | 2026-05-20 | 2026-05-20 |
| CVE-2022-2596 json | Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. | 5.9 - MEDIUM | 2022-08-01 | 2023-07-11 |
| CVE-2022-0235 json | node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | 6.1 - MEDIUM | 2022-01-16 | 2023-02-03 |
| CVE-2020-15168 json | node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that ... | 5.3 - MEDIUM | 2020-09-10 | 2020-09-17 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Node-fetch Project | Node-fetch | 3.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 3.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 3.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 3.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 3.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 3.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.6.1 | |||
| Application | Node-fetch Project | Node-fetch | 2.6.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.5.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.4.1 | |||
| Application | Node-fetch Project | Node-fetch | 2.4.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.3.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.2.1 | |||
| Application | Node-fetch Project | Node-fetch | 2.2.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.1.2 | |||
| Application | Node-fetch Project | Node-fetch | 2.1.1 | |||
| Application | Node-fetch Project | Node-fetch | 2.1.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.0.0 | |||
| Application | Node-fetch Project | Node-fetch | 2.0.0 |