Known Vulnerabilities for products from Nodejs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Nodejs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-40340 | Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Np... | 7.5 - HIGH | 2023-08-16 | 2023-08-17 |
| CVE-2023-37899 | Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket han... | 7.5 - HIGH | 2023-07-19 | 2023-07-19 |
| CVE-2022-39266 | isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if th... | 9.8 - CRITICAL | 2022-09-29 | 2023-08-24 |
| CVE-2022-21824 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.2 - HIGH | 2022-02-24 | 2022-11-10 |
| CVE-2021-43803 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2021-12-10 | 2022-02-17 |
| CVE-2021-23840 | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases wher... | 7.5 - HIGH | 2021-02-16 | 2022-08-29 |
| CVE-2021-22940 | Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to explo... | 7.5 - HIGH | 2021-08-16 | 2022-11-03 |
| CVE-2021-22939 | If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error ... | 5.3 - MEDIUM | 2021-08-16 | 2022-11-07 |
| CVE-2021-22931 | Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing i... | 9.8 - CRITICAL | 2021-08-16 | 2022-08-12 |
| CVE-2021-22930 | Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to explo... | 9.8 - CRITICAL | 2021-10-07 | 2022-11-03 |
| CVE-2021-22921 | Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on W... | 7.8 - HIGH | 2021-07-12 | 2022-04-06 |
| CVE-2021-22918 | Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert str... | 5.3 - MEDIUM | 2021-07-12 | 2022-04-06 |
| CVE-2021-22884 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “loc... | 7.5 - HIGH | 2021-03-03 | 2022-04-06 |
| CVE-2021-22883 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection at... | 7.5 - HIGH | 2021-03-03 | 2022-10-24 |
| CVE-2021-4044 | Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That f... | 7.5 - HIGH | 2021-12-14 | 2022-08-29 |
| CVE-2021-3672 | A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers... | 5.6 - MEDIUM | 2021-11-23 | 2022-10-18 |
| CVE-2021-3450 | The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is... | 7.4 - HIGH | 2021-03-25 | 2023-08-04 |
| CVE-2021-3449 | An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 r... | 5.9 - MEDIUM | 2021-03-25 | 2022-08-29 |
| CVE-2020-11080 | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of conce... | 7.5 - HIGH | 2020-06-03 | 2022-08-29 |
| CVE-2020-10531 | An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to... | 8.8 - HIGH | 2020-03-12 | 2022-08-12 |
Known software with vulnerabilities from Nodejs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Nodejs | Node.js | 0.0.1 |
| Application | Nodejs | Nodejs | 0.6.16 |
Popular searches for "Nodejs"
Node.js
nodejs.orgNode.js M K INode.js is a JavaScript runtime built on Chrome's V8 JavaScript engine.
nodejs.org/en iojs.org jobs.nodejs.org nodejs.org/en nodejs.org/it no.de Node.js Trademark Joyent Linux Foundation V8 (JavaScript engine) JavaScript Google Chrome Long-term support Google Docs Changelog Application programming interface All rights reserved Runtime system Run time (program lifecycle phase) Computer security Download Get Help User (computing) Software release life cycle Toggle.sgIndex of /download/
nodejs.org/downloadIndex of /download/ Nov-2019 05:30 - chakracore-rc/ 23-May-2018 21:45 - chakracore-release/ 17-Nov-2018 08:25 - docs/ 23-Feb-2021 13:00 - next-nightly/ 30-Aug-2015 08:29 - nightly/ 02-Mar-2021 06:30 - rc/ 22-Feb-2021 22:33 - release/ 23-Feb-2021 13:00 - test/ 11-Feb-2021 12:00 - v8-canary/ 28-Feb-2021 10:30 -.
2019 ATP Tour 2018 Rolex Paris Masters – Doubles 2015 Winston-Salem Open – Doubles 2018 Slovak Open – Doubles 2015 Generali Open Kitzbühel – Doubles 2015 German Open – Doubles 2015 Western & Southern Open – Men's Doubles 2018 Bauer Watertechnology Cup – Doubles 2018 Oracle Challenger Series – Houston – Men's Doubles 2015 Rogers Cup – Men's Doubles 2018 Geneva Open – Doubles 2018 Open du Pays d'Aix – Doubles 2018 Shenzhen Longhua Open – Men's Doubles 2018 Challenger de Buenos Aires – Doubles 2018 Bengaluru Open – Doubles 2015 International Tennis Tournament of Cortina – Doubles 2015 BB&T Atlanta Open – Doubles 2018 Braga Open – Doubles 2015 Citi Open – Men's Doubles 2018 Estoril Open – Doubles