Known Vulnerabilities for products from Nodejs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Nodejs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-54639 json | Not Provided | 2026-06-24 | 2026-06-24 | |
| CVE-2026-48936 json | A flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket), even without the `--allow... | Not Provided | 2026-06-26 | 2026-06-26 |
| CVE-2026-48935 json | A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. ... | Not Provided | 2026-06-26 | 2026-06-26 |
| CVE-2026-48934 json | A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affec... | Not Provided | 2026-06-26 | 2026-06-29 |
| CVE-2026-48933 json | A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. ... | Not Provided | 2026-06-26 | 2026-07-07 |
| CVE-2026-48931 json | A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the req... | Not Provided | 2026-06-22 | 2026-07-03 |
| CVE-2026-48930 json | A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-stri... | Not Provided | 2026-06-26 | 2026-06-26 |
| CVE-2026-48928 json | A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerabil... | Not Provided | 2026-06-26 | 2026-06-26 |
| CVE-2026-48619 json | A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of M... | Not Provided | 2026-06-26 | 2026-06-26 |
| CVE-2026-48618 json | A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authe... | Not Provided | 2026-06-26 | 2026-06-26 |
| CVE-2026-48615 json | A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When pr... | Not Provided | 2026-06-26 | 2026-06-26 |
| CVE-2026-48527 json | Not Provided | 2026-05-29 | 2026-05-29 | |
| CVE-2026-47209 json | Not Provided | 2026-06-12 | 2026-06-12 | |
| CVE-2026-46511 json | Not Provided | 2026-06-05 | 2026-06-08 | |
| CVE-2026-46496 json | Not Provided | 2026-06-05 | 2026-06-05 | |
| CVE-2026-46493 json | Not Provided | 2026-06-05 | 2026-06-05 | |
| CVE-2026-46401 json | Not Provided | 2026-06-05 | 2026-06-08 | |
| CVE-2026-46400 json | Not Provided | 2026-06-05 | 2026-06-08 | |
| CVE-2026-46399 json | Not Provided | 2026-06-05 | 2026-06-08 | |
| CVE-2026-46398 json | Not Provided | 2026-06-05 | 2026-06-05 |