CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Circl•added 2026/03/25 3:0 a.m.•2 views

CVE-2026-21715

creationtimestamp| type| source ---|---|--- 2026-03-25 03:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/node-js-multiple-vulnerabilities20260325 2026-03-30 20:00:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3micharnlb322...

3.3CVSS6.3AI score0.00158EPSS

OSSF Malicious Packages•added 2026/03/25 12:11 a.m.•6 views

Malicious code in @xvortexsockets/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6fe781d4e79519992d2b0f37577515da41d7e0deb2f9f32df7c39dfb8de3916 The package @xvortexsockets/baileys was found to contain malicious code. Source: ghsa-malware...

Tenable Nessus•added 2026/03/25 12:0 a.m.•1 views

Exploits0References1

Linux Distros Unpatched Vulnerability : CVE-2026-71717

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nodejs - None CVE-2026-71717 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc...

Tenable Nessus•added 2026/03/25 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2026-21712

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN...

5.7CVSS6.8AI score0.00325EPSS

Tenable Nessus•added 2026/03/25 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-21716

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their...

3.3CVSS6.6AI score0.00395EPSS

Tenable Nessus•added 2026/03/25 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-21714

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed...

5.3CVSS6.6AI score0.00454EPSS

Tenable Nessus•added 2026/03/25 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-21710

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses...

7.5CVSS7.1AI score0.13066EPSS

Tenable Nessus•added 2026/03/25 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-21715

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable...

3.3CVSS6.5AI score0.00158EPSS

OSSF Malicious Packages•added 2026/03/24 3:44 p.m.•8 views

Malicious code in env-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9fdb2ca296901d2020b959a63ec369c661ac063698529ced5230cd04717a5c0 The package env-nodejs was found to contain malicious code...

5.9AI score

OSV•added 2026/03/24 3:44 p.m.•4 views

MAL-2026-2365 Malicious code in env-nodejs (npm)

Node JS Blog•added 2026/03/24 12:0 a.m.•18 views

Tuesday, March 24, 2026 Security Releases

Tuesday, March 24, 2026 Security Releases Security releases available Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines for the following issues. This security release includes the following dependency updates to address public vulnerabilities: undici 6.24.1, 7.24.4 o...

7.5CVSS6.6AI score0.13066EPSS

vulnersOsv•added 2026/03/23 6:30 a.m.•6 views

@1auth/authn-webauthn (>=0.0.0-alpha.0 <=0.0.0-alpha.3), @agentic/stdlib (>=7.4.0 <=7.6.9) +786 more potentially affected by CVE-2026-4598 via jsrsasign (>=0.0.3 <=11.1.0)

jsrsasign NPM version =0.0.3, =0.0.0-alpha.0, =7.4.0, =7.4.0, =6.0.0-A.3-8242, =1.0.0-1.0.1.0, =1.0.0-1.0.1.0, =0.0.3-alpha.0, =2.0.0, =2.7.1, =6.0.0, =6.0.0, =0.1.0, =1.0.0, =5.0.0-3998.0 and more Source cves: CVE-2026-4598 Source advisory: OSV:GHSA-8G7P-JF3G-GXCP...

8.7CVSS5.4AI score0.004EPSS

Exploits1

F5 Networks•added 2026/03/19 3:56 a.m.•7 views

K000160399: Node.js vulnerability CVE-2025-59464

Security Advisory Description A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory, allowing remote clients to trigger...

7.5CVSS6.8AI score0.0023EPSS

Redos•added 2026/03/19 12:0 a.m.•4 views

ROS-20260319-73-0004

Vulnerability in nodejs related to lack of memory release after effective lifetime. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

3.1CVSS5.8AI score0.00254EPSS

Snyk•added 2026/03/18 4:18 p.m.•3 views

Directory Traversal

Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Directory Traversal via the serveStatic function. An attacker can access arbitrary files outside the intended static directory by sending crafted...

8.2CVSS6.5AI score

OSV•added 2026/03/18 12:47 p.m.•4 views

MAL-2026-1715 Malicious code in dotenv-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14a15bdceba2f650e2c3d04e2be33994e406c2548812e89a520fc511c2529266 The package dotenv-nodejs was found to contain malicious code...