Lucene search
+L

159 matches found

amazon
amazon
added 2026/04/13 12:0 a.m.7 views

Important: nodejs24

Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...

7.5CVSS7.2AI score0.26356EPSS
Exploits1
cgr
cgr
added 2026/04/11 2:19 a.m.10 views

GHSA-6R7G-3MM3-FHW7 vulnerabilities

Vulnerabilities for packages: nodejs...

5.8AI score
Exploits0
cnnvd
cnnvd
added 2026/03/30 12:0 a.m.8 views

Node.js 安全漏洞

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There is a security vulnerability in Node.js, which stems from improper handling of URLs. When the url.format function is called with an internationalized domain name containing invalid...

5.7CVSS6.8AI score0.00325EPSS
Exploits0References2
openvas
openvas
added 2026/03/30 12:0 a.m.8 views

Mageia: Security Advisory (MGASA-2026-0071)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.26356EPSS
Exploits0References4
f5
f5
added 2026/03/19 3:56 a.m.9 views

K000160399: Node.js vulnerability CVE-2025-59464

Security Advisory Description A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory, allowing remote clients to trigger...

7.5CVSS6.8AI score0.0023EPSS
Exploits0
nessus
nessus
added 2026/02/17 12:0 a.m.4 views

RHEL 9 : nodejs:20 (RHSA-2026:2768)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2768 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

9.1CVSS5.7AI score0.03782EPSS
Exploits2References8
cbl_mariner
cbl_mariner
added 2026/02/02 3:31 p.m.9 views

CVE-2025-55131 affecting package nodejs for versions less than 20.14.0-11

CVE-2025-55131 affecting package nodejs for versions less than 20.14.0-11. A patched version of the package is available...

7.1CVSS5.3AI score0.03493EPSS
Exploits0
nessus
nessus
added 2026/01/28 12:0 a.m.6 views

NewStart CGSL MAIN 6.06 : nodejs Multiple Vulnerabilities (NS-SA-2025-0241)

The remote NewStart CGSL host, running version MAIN 6.06, has nodejs packages installed that are affected by multiple vulnerabilities: - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects...

9.8CVSS7.2AI score0.87806EPSS
Exploits26References105
cvelist
cvelist
added 2026/01/26 9:32 p.m.22 views

CVE-2026-22709 vm2 has a Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of...

9.8CVSS0.01222EPSS
Exploits1References3
nessus
nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: nodejs (CVE-2025-23165)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23165 advisory. - In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-1...

3.7CVSS5.8AI score0.0048EPSS
Exploits0References2
nessus
nessus
added 2026/01/22 12:0 a.m.2 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-21896)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21896 advisory. - The permission model protects itself against path traversal attacks by calling path.resolve on any paths giv...

9.8CVSS5.5AI score0.01262EPSS
Exploits0References2
nessus
nessus
added 2026/01/22 12:0 a.m.8 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-24758)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24758 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers...

4.5CVSS7.8AI score0.00765EPSS
Exploits0References2
github
github
added 2026/01/20 9:31 p.m.12 views

binary-parser library has a code injection vulnerability

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

6.5CVSS6.5AI score0.00505EPSS
Exploits0References8Affected Software1
osv
osv
added 2026/01/20 9:16 p.m.8 views

AZL-75077 CVE-2025-59465 affecting package nodejs for versions less than 20.14.0-13

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS7.2AI score0.03782EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/01/20 12:0 a.m.7 views

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There are security vulnerabilities in Node.js, where the error related to the maximum call stack size when enabling asynchooks.createHook makes it impossible to catch certain exceptions,...

7.5CVSS7.1AI score0.00624EPSS
Exploits0References2
nessus
nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : rh-nodejs10-nodejs-10.24.0-1.el7 (AXSA:2021-1588:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1588:02 advisory. nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 nodejs: DNS rebinding in --inspect CVE-2021-22884 Tenable has...

7.8CVSS7.7AI score0.77385EPSS
Exploits1References3
nessus
nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : rh-nodejs10-nodejs-10.21.0-3.el7 (AXSA:2020-228:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-228:02 advisory. ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 nodejs-minimist:...

9.3CVSS7.6AI score0.07646EPSS
Exploits3References5
cert
cert
added 2026/01/20 12:0 a.m.9 views

Code injection vulnerability in binary-parser library

Overview The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public...

6.5CVSS7AI score0.00505EPSS
Exploits0References3
nessus
nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : nodejs:16 (AXSA:2022-3844:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3844:01 advisory. nodejs-ansi-regex: Regular expression denial of service ReDoS matching ANSI escape codes CVE-2021-3807 nodejs: DNS rebinding in --inspect via invali...

8.1CVSS8.3AI score0.81464EPSS
Exploits4References7
nessus
nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : nodejs:18 (AXSA:2022-4480:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4480:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

9.1CVSS8.5AI score0.02587EPSS
Exploits2References3
Rows per page
Query Builder