Lucene search
K

79 matches found

OSV
OSV
added 2026/06/29 5:48 a.m.6 views

BIT-NODE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.1AI score0.00256EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 5:48 a.m.7 views

BIT-NODE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS7.1AI score0.00674EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 2:16 a.m.10 views

ALPINE-CVE-2026-48933

A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS7.1AI score0.02806EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 2:16 a.m.3 views

ALPINE-CVE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS6.3AI score0.00656EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 2:50 p.m.5 views

BIT-NODE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS5.9AI score0.00208EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 6:59 p.m.46 views

CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7CVSS0.00371EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/06/20 2:29 a.m.11 views

SUSE CVE-2026-48937

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

5.3CVSS6AI score0.00445EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2026/06/18 6:1 p.m.5 views

CVE-2026-48937

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

5.3CVSS5.8AI score0.00445EPSS
Exploits0
OSV
OSV
added 2026/03/30 8:16 p.m.6 views

ALPINE-CVE-2026-21714

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...

5.3CVSS5.9AI score0.00454EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.8 views

Node.js 安全漏洞

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Security vulnerabilities exist in Node.js versions 20.x, 22.x, 24.x, and 25.x. These vulnerabilities stem from the lack of permission checks for FileHandle.chmod and FileHandle.chown durin...

3.3CVSS6.8AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-2419

Malware in sbrugna...

7.5CVSS7.4AI score0.44824EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-29122

Malware in sbrugna...

7.8CVSS6.2AI score0.00714EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-26983

Malicious code in bioql PyPI...

8.2CVSS7AI score0.21514EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-2033

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.03906EPSS
Exploits1References20
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-3253

Malicious code in bioql PyPI...

9.8CVSS9AI score0.01085EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-19623

Malicious code in bioql PyPI...

7.3CVSS7.1AI score0.00893EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-31362

Malicious code in bioql PyPI...

7.4CVSS7AI score0.08373EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-12121

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests wi...

7.5CVSS7.4AI score0.10207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-8287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields...

6.5CVSS7.4AI score0.16296EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-15606

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons CVE-2019-15606 No...

9.8CVSS7.6AI score0.20041EPSS
Exploits1References2
Rows per page
Query Builder