Known Vulnerabilities for products from Nodejs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Nodejs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33872 | Not Provided | 2026-03-27 | 2026-03-30 | |
| CVE-2022-21824 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.2 - HIGH | 2022-02-24 | 2022-11-10 |
| CVE-2021-43803 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2021-12-10 | 2024-03-12 |
| CVE-2021-23840 | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases wher... | 7.5 - HIGH | 2021-02-16 | 2023-11-07 |
| CVE-2021-22940 | Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to explo... | 7.5 - HIGH | 2021-08-16 | 2024-01-05 |
| CVE-2021-22939 | If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error ... | 5.3 - MEDIUM | 2021-08-16 | 2024-01-05 |
| CVE-2021-22931 | Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing i... | 9.8 - CRITICAL | 2021-08-16 | 2024-01-05 |
| CVE-2021-22930 | Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to explo... | 9.8 - CRITICAL | 2021-10-07 | 2024-01-05 |
| CVE-2021-22921 | Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on W... | 7.8 - HIGH | 2021-07-12 | 2022-04-06 |
| CVE-2021-22918 | Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert str... | 5.3 - MEDIUM | 2021-07-12 | 2024-01-16 |
| CVE-2021-22884 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “loc... | 7.5 - HIGH | 2021-03-03 | 2023-11-07 |
| CVE-2021-22883 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection at... | 7.5 - HIGH | 2021-03-03 | 2023-11-07 |
| CVE-2021-4044 | Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That f... | 7.5 - HIGH | 2021-12-14 | 2023-11-09 |
| CVE-2021-3672 | A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers... | 5.6 - MEDIUM | 2021-11-23 | 2024-01-05 |
| CVE-2021-3450 | The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is... | 7.4 - HIGH | 2021-03-25 | 2023-11-07 |
| CVE-2021-3449 | An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 r... | 5.9 - MEDIUM | 2021-03-25 | 2023-11-07 |
| CVE-2020-11080 | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of conce... | 7.5 - HIGH | 2020-06-03 | 2023-11-07 |
| CVE-2020-10531 | An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to... | 8.8 - HIGH | 2020-03-12 | 2023-11-07 |
| CVE-2020-8287 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example,... | 6.5 - MEDIUM | 2021-01-06 | 2023-11-07 |
| CVE-2020-8277 | A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of S... | 7.5 - HIGH | 2020-11-19 | 2023-11-07 |