Known Vulnerabilities for products from Nodejs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Nodejs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-35185 json | Not Provided | 2026-04-06 | 2026-04-07 | |
| CVE-2026-33872 json | Not Provided | 2026-03-27 | 2026-03-30 | |
| CVE-2026-5483 json | Not Provided | 2026-04-10 | 2026-04-10 | |
| CVE-2023-45143 json | Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization ... | 3.5 - LOW | 2023-10-12 | 2023-11-03 |
| CVE-2023-44487 json | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many stre... | 7.5 - HIGH | 2023-10-10 | 2024-02-02 |
| CVE-2023-39332 json | Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `B... | 9.8 - CRITICAL | 2023-10-18 | 2023-11-17 |
| CVE-2023-39331 json | A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vu... | 7.5 - HIGH | 2023-10-18 | 2023-11-17 |
| CVE-2023-38552 json | When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept ... | 7.5 - HIGH | 2023-10-18 | 2023-11-16 |
| CVE-2023-32559 json | A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and,... | 7.5 - HIGH | 2023-08-24 | 2023-10-24 |
| CVE-2023-32558 json | The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerabilit... | 7.5 - HIGH | 2023-09-12 | 2023-12-04 |
| CVE-2023-32006 json | The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.jso... | 8.8 - HIGH | 2023-08-15 | 2023-09-15 |
| CVE-2023-32005 json | A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --al... | 5.3 - MEDIUM | 2023-09-12 | 2023-11-04 |
| CVE-2023-32004 json | A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw r... | 8.8 - HIGH | 2023-08-15 | 2023-09-15 |
| CVE-2023-32003 json | `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This fl... | 5.3 - MEDIUM | 2023-08-15 | 2023-09-21 |
| CVE-2023-32002 json | The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a g... | 9.8 - CRITICAL | 2023-08-21 | 2023-09-15 |
| CVE-2023-30590 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-11-28 | 2024-03-27 |
| CVE-2023-30589 json | The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This c... | 7.5 - HIGH | 2023-07-01 | 2023-12-12 |
| CVE-2023-30588 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2023-11-28 | 2023-12-04 |
| CVE-2023-30586 json | A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimenta... | 7.5 - HIGH | 2023-07-01 | 2023-11-17 |
| CVE-2023-30585 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-11-28 | 2023-12-02 |