Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-yxvf-4pb4-d7ec
Vulnerability ID VCID-yxvf-4pb4-d7ec
Aliases CVE-2023-39333
Summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-94 Improper Control of Generation of Code ('Code Injection')
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39333.json
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2023-39333
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2023-39333
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2023-39333
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2023-39333
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2023-39333
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2023-39333
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2023-39333
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2023-39333
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.3 https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
ssvc Track https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39333.json
https://api.first.org/data/v1/epss?cve=CVE-2023-39333
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1054892 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054892
2244418 https://bugzilla.redhat.com/show_bug.cgi?id=2244418
GLSA-202505-11 https://security.gentoo.org/glsa/202505-11
october-2023-security-releases https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
RHSA-2023:5849 https://access.redhat.com/errata/RHSA-2023:5849
RHSA-2023:5869 https://access.redhat.com/errata/RHSA-2023:5869
RHSA-2023:7205 https://access.redhat.com/errata/RHSA-2023:7205
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39333.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T18:03:18Z/ Found at https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
Exploit Prediction Scoring System (EPSS)
Percentile 0.26407
EPSS Score 0.00094
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:01:17.543452+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202505-11 38.0.0