Search for packages
| purl | pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie |
| Next non-vulnerable version | 20.15.1+dfsg-1 |
| Latest non-vulnerable version | 22.22.2+dfsg+~cs22.19.15-3 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1vp3-fzdr-yqbm
Aliases: CVE-2026-21715 |
Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-2t7c-dju9-pff6
Aliases: CVE-2026-21713 |
Node.js: Node.js: Information disclosure via timing oracle in HMAC verification |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-43sf-4r41-wugc
Aliases: CVE-2025-55132 |
nodejs: Nodejs filesystem permissions bypass |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-96yh-1wub-zucg
Aliases: CVE-2026-21714 |
Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-98fy-tedc-ube7
Aliases: CVE-2025-55131 |
nodejs: Nodejs uninitialized memory exposure |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-bjza-25hu-vkad
Aliases: CVE-2026-21637 |
nodejs: Nodejs denial of service |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-dgkh-jdah-wfh9
Aliases: CVE-2026-21717 |
nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-dt7u-3usg-9uet
Aliases: CVE-2026-21710 |
Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-twc8-ewm7-wkb1
Aliases: CVE-2026-21716 |
nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-u8bq-8jp4-jkem
Aliases: CVE-2025-59466 |
nodejs: Nodejs denial of service |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-v7uy-445x-tuan
Aliases: CVE-2025-59465 |
nodejs: Nodejs denial of service |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-wf5t-3pwz-c7d7
Aliases: CVE-2025-23085 |
Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-x1an-pjq4-nbby
Aliases: CVE-2025-55130 |
nodejs: Nodejs file permissions bypass |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-xkpz-pb5y-jqcy
Aliases: CVE-2025-23166 |
nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-17k5-vadp-4kby | nghttp2: overly large SETTINGS frames can lead to DoS |
CVE-2020-11080
|
| VCID-1bhj-vafz-4ya8 | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2018-12122
|
| VCID-1ghj-acr4-tkat | Multiple vulnerabilities have been found in Node.js, the worst of which can allow remote attackers to cause Denial of Service conditions. |
CVE-2016-2216
|
| VCID-2z1f-7jkw-17av | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2024-27982
|
| VCID-35e4-h5zk-5ffn | A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. |
CVE-2024-3566
|
| VCID-38k9-23j3-eqh7 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-30581
|
| VCID-39c4-njbs-pyeq | Multiple vulnerabilities have been found in NodeJS, the worst of which could result in the arbitrary execution of code. |
CVE-2020-8251
|
| VCID-3j17-wsqw-hucs | NodeJS: HTTP Pipelining DoS |
CVE-2013-4450
|
| VCID-3nb1-jud1-rkgk | nodejs: `Buffer` to UTF8 `String` conversion DoS |
CVE-2015-5380
|
| VCID-3v19-cq1w-y3cz | nodejs: Vulnerable to CVE-2017-3737 due to embedded OpenSSL |
CVE-2017-15896
|
| VCID-3vdn-6af1-k3g6 | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2018-7161
|
| VCID-43sf-4r41-wugc | nodejs: Nodejs filesystem permissions bypass |
CVE-2025-55132
|
| VCID-4ak9-89fm-ybh2 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-30582
|
| VCID-4cbr-u3tr-pfdr | nodejs: wildcard certificates not properly validated |
CVE-2016-7099
|
| VCID-4dhf-bpv6-a3e1 | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2019-15604
|
| VCID-4khc-2nz3-ckhr | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2018-7164
|
| VCID-5397-fjce-pbbg | The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string. |
CVE-2012-2330
|
| VCID-53xm-8w84-93cx | Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity. |
CVE-2021-22930
|
| VCID-5afy-ud31-hbaw | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2024-21890
|
| VCID-5cf7-va9h-h3gy | Improper Certificate Validation Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js does not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. |
CVE-2021-44531
|
| VCID-67xm-uc9p-y7f2 | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2024-22020
|
| VCID-6uyn-fy9v-c3gx | Uncontrolled Resource Consumption Node.js allows remote attackers to cause a denial of service. |
CVE-2015-7384
|
| VCID-7cth-47w2-17hy | Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity. |
CVE-2021-22940
|
| VCID-7nnu-jtjx-u3ff | Node.js: Permissions policies can be bypassed via process.mainModule |
CVE-2023-23918
|
| VCID-7tpb-9zrz-e7e1 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2022-32212
|
| VCID-7z51-jgw6-v7hr | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-32005
|
| VCID-8c4g-fjsa-nkhw | llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. The LF character (without CR) is sufficient to delimit HTTP header fields in the lihttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This can lead to HTTP Request Smuggling (HRS). |
CVE-2022-32214
GHSA-q5vx-44v4-gch4 |
| VCID-8m9d-ah96-d7cg | Multiple vulnerabilities have been found in Node.js, the worst of which can allow remote attackers to cause Denial of Service conditions. |
CVE-2015-8027
|
| VCID-8myg-sjwy-yqfp | Node.js: OpenSSL error handling issues in nodejs crypto library |
CVE-2023-23919
|
| VCID-8qmf-bwmg-5bar | nodejs: Unitialized buffer due to incorrect encoding |
CVE-2017-15897
|
| VCID-9g7s-y7nq-xfbb | Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity. |
CVE-2021-22939
|
| VCID-9hzg-r1fj-pubf | Excessive CPU usage in HTTP/2 with priority changes |
CVE-2019-9513
|
| VCID-9tvd-qsp8-byfx | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2019-5739
|
| VCID-9uux-1n93-4kcs | nodejs: Unintentional exposure of uninitialized memory |
CVE-2018-7166
|
| VCID-9v22-ened-4bg2 | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2018-12123
|
| VCID-9yq7-aba3-c7c3 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-32559
|
| VCID-a7mj-p1d7-h3cv | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2023-39331
|
| VCID-ap4u-dkwx-1kb3 | Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity. |
CVE-2021-22931
|
| VCID-apbs-8ge7-dyg3 | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2024-21896
|
| VCID-atyy-fepb-6yge | Multiple vulnerabilities have been found in Node.js, the worst of which can allow remote attackers to cause Denial of Service conditions. |
CVE-2016-5325
|
| VCID-b1vd-c8xt-dqc6 | Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. |
CVE-2024-36138
|
| VCID-b54b-pd2b-bygm | llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding The llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). Impacts: - All versions of the nodejs 18.x, 16.x, and 14.x releases lines. - llhttp v6.0.7 and llhttp v2.1.5 contains the fixes that were updated inside Node.js |
CVE-2022-32213
GHSA-5689-v88g-g6rv |
| VCID-b7hq-5yyx-tuhs | Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. |
CVE-2021-22921
|
| VCID-bx67-aud6-b3fa | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2024-22025
|
| VCID-c8xz-v6h3-6ueb | nodejs: libuv: Out-of-Bounds Access Due to Inconsistent off_t Size in libuv and Node.js Build on i386 |
CVE-2025-47153
|
| VCID-cjrh-xgy5-63ga | An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of `path.join` API. |
CVE-2025-27210
|
| VCID-d8nf-t1fb-2uad | Multiple vulnerabilities have been found in Node.js, the worst of which can allow remote attackers to cause Denial of Service conditions. |
CVE-2016-2086
|
| VCID-dfdy-vhdd-5kh4 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2022-35256
|
| VCID-dmv4-ydq9-a7eq | Excessive CPU usage in HTTP/2 with small window updates |
CVE-2019-9511
|
| VCID-e18p-c3m9-2qgy | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2021-44532
|
| VCID-e6gj-fe31-kkh5 | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2023-46809
|
| VCID-e7u5-356v-jbg7 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-30590
|
| VCID-ec66-gwvw-kucs | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-30587
|
| VCID-enz6-qdn6-dkgm | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2023-38552
|
| VCID-f7ch-ze7a-d7gr | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2018-12116
|
| VCID-fetp-hvhq-dube | Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing |
CVE-2026-21712
|
| VCID-g28p-7shw-n3bn | Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. |
CVE-2017-14849
|
| VCID-g5wj-ffk1-7bg7 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-30586
|
| VCID-gwyr-ac4e-dqfa | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') The llhttp parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). |
CVE-2021-22959
|
| VCID-h8gu-1htb-u3fg | nodejs: Debugger port 5858 listens on any interface by default |
CVE-2018-12120
|
| VCID-hnjv-fp2r-vqfq | Node.js: insecure loading of ICU data through ICU_DATA environment variable |
CVE-2023-23920
|
| VCID-hu7c-gc8f-q3cm | nodejs: Constant Hashtable Seeds vulnerability |
CVE-2017-11499
|
| VCID-jbph-d393-byd4 | nodejs: privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process |
CVE-2023-30585
|
| VCID-jbws-qjq3-qbhq | nodejs: Nodejs network segmentation bypass |
CVE-2026-21636
|
| VCID-k4cj-47gd-s7ck | nodejs: Nodejs memory leak |
CVE-2025-59464
|
| VCID-ke6j-fgys-gyga | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2019-15605
|
| VCID-kj75-vmwa-gqgq | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-32006
|
| VCID-krft-297e-qfdw | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2024-36137
|
| VCID-kvmm-gh2f-zqau | nodejs: Node.js Rapidhash HashDoS Vulnerability |
CVE-2025-27209
|
| VCID-m5ae-uc68-d3g2 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') This advisory has been marked as a false positive. |
CVE-2022-21824
|
| VCID-m7rw-arzq-jba1 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2022-43548
|
| VCID-mqcy-2run-93d6 | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2024-21892
|
| VCID-ms5y-gp7v-2qay | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2021-44533
|
| VCID-n66u-b73u-zucb | golang.org/x/net/http vulnerable to a reset flood Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. ### Specific Go Packages Affected golang.org/x/net/http2 |
CVE-2019-9514
GHSA-39qc-96h7-956f |
| VCID-n91z-kugd-ebb5 | Multiple vulnerabilities have been found in NodeJS, the worst of which could result in the arbitrary execution of code. |
CVE-2020-8201
|
| VCID-nenk-4cgd-fugv | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2024-27983
|
| VCID-nkas-113k-wkbu | nodejs: HTTP parser allowed for spaces inside Content-Length header values |
CVE-2018-7159
|
| VCID-p31t-nxwe-yyf2 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-32558
|
| VCID-p8ab-a4gk-eyd2 | Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2016-1669
|
| VCID-p9sg-8byk-eydy | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2024-37372
|
| VCID-pd4q-4b15-gqey | A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API. |
CVE-2025-23084
|
| VCID-pqnn-ers1-3fec | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2021-22884
|
| VCID-pwe6-zwyr-nqhy | nodejs: DoS via specific windowBits value |
CVE-2017-14919
|
| VCID-q75s-43sx-4kbg | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-30588
|
| VCID-q8th-849w-bfhp | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2021-22883
|
| VCID-r8jj-tkxd-5qg8 | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2018-7162
|
| VCID-rg1f-5nhq-m7ea | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-32004
|
| VCID-rhxy-h93e-y3d4 | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2018-7167
|
| VCID-s1a4-9r1m-8uaw | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2023-39332
|
| VCID-sag8-repb-g3f4 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-32002
|
| VCID-srpj-seee-xyhm | Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2015-6764
|
| VCID-sthj-jvke-tyg7 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-30584
|
| VCID-tnhd-rr89-9udh | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') The parse function in llhttp ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. |
CVE-2021-22960
|
| VCID-tpck-fwrj-ruaq | Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability. |
CVE-2022-32223
|
| VCID-tqg7-dw5d-z3et | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2018-12115
|
| VCID-u8pe-48f4-abc9 | Authentication Bypass by Spoofing The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. |
CVE-2018-7160
GHSA-wq4c-wm6x-jw44 |
| VCID-ueyx-hwjr-fuhq | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-30583
|
| VCID-uftn-4gjb-dqe6 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2023-32003
|
| VCID-us11-vy4j-pfd2 | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2019-5737
|
| VCID-usab-z8q8-7qd8 | nodejs: path module regular expression denial of service |
CVE-2018-7158
|
| VCID-v3uy-dqn9-qye5 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2022-32222
|
| VCID-vhg4-51cg-ebaa | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2024-21891
|
| VCID-vkvx-gxbu-3uau | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2024-22019
|
| VCID-w6yn-qt4p-vudt | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2024-22018
|
| VCID-wpfq-sq11-fqa9 | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2019-15606
|
| VCID-wzcw-dd7m-zkaz | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2022-32215
|
| VCID-x1an-pjq4-nbby | nodejs: Nodejs file permissions bypass |
CVE-2025-55130
|
| VCID-xeay-8ec9-4bdd | Multiple vulnerabilities have been found in NodeJS, the worst of which could result in the arbitrary execution of code. |
CVE-2020-8174
|
| VCID-xert-byqc-xbe2 | Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks |
CVE-2026-21711
|
| VCID-xnzh-wpd4-63f9 | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2022-35255
|
| VCID-xq3f-g8n8-tffp | The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition. |
CVE-2014-9748
|
| VCID-xva8-adbf-87h3 | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2024-22017
|
| VCID-ydzj-e97m-k3cp | Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution. |
CVE-2025-23083
|
| VCID-yxvf-4pb4-d7ec | Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. |
CVE-2023-39333
|
| VCID-yz6h-h3bb-27ee | Node.js: Fail to Escape Arguments Properly in Microsoft Windows |
CVE-2024-27980
|
| VCID-z3gm-8afk-q7dv | V8: Memory Corruption and Stack Overflow |
CVE-2014-5256
|
| VCID-zckz-447u-gueb | Multiple vulnerabilities have been found in NodeJS, the worst of which could result in the arbitrary execution of code. |
CVE-2020-8172
|
| VCID-zj4d-e8r7-ufg3 | Multiple vulnerabilities have been found in NodeJS, the worst of which could result in the arbitrary execution of code. |
CVE-2020-8287
|
| VCID-znta-r3v4-hyg1 | nodejs: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS |
CVE-2025-23165
|
| VCID-zrbm-htvv-eke9 | Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. |
CVE-2018-12121
|
| VCID-zstw-3wmu-u3c8 | llhttp vulnerable to HTTP request smuggling The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20 |
CVE-2023-30589
GHSA-cggh-pq45-6h9x |
| VCID-ztt4-vnk7-7ycq | Multiple vulnerabilities have been found in NodeJS, the worst of which could result in the arbitrary execution of code. |
CVE-2020-8265
|