
4323 matches found

Vulnrichment
added 2025/08/28 5:10 p.m. | 0 views

CVE-2025-58047 Volto affected by possible DoS by invoking specific URL by anonymous user

Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...

CVSS 7.5 | AI score 6.1 | EPSS 0.00171
Exploits: 0 | References: 6
IBM Security Bulletins
added 2025/08/28 3:51 p.m. | 4 views

Security Bulletin: IBM Transformation Advisor is affected by vulnerability found in Node.js (CVE-2025-7338)

Summary There is a vulnerability in Node.js used by IBM Transformation Advisor. The issues have been addressed in an update. Vulnerability Details CVEID: CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version...

CVSS 7.5 | AI score 9.1 | EPSS 0.0004
Exploits: 0 | Affected Software: 1
OSV
added 2025/08/28 3:34 p.m. | 0 views

GHSA-XJHF-7833-3PM5 Volto affected by possible DoS by invoking specific URL by anonymous user

Impact When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...

CVSS 7.5 | AI score 6.8 | EPSS 0.00171
Exploits: 0 | References: 9
Tenable Nessus
added 2025/08/28 12:0 a.m. | 2 views

RockyLinux 8 : nodejs:22 (RLSA-2025:11803)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:11803 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note tha...

CVSS 9.8 | AI score 7 | EPSS 0.01689
Exploits: 3 | References: 3
Positive Technologies
added 2025/08/28 12:0 a.m. | 2 views

PT-2025-35112

Name of the Vulnerable Software and Affected Versions Volto versions 19.0.0-alpha.1 through 19.0.0-alpha.4 Volto versions 18.0.0 through 18.24.0 Volto versions 17.0.0 through 17.22.1 Volto versions prior to 16.34.0 Description Volto, a React-based frontend for the Plone Content Management System,...

CVSS 7.5 | AI score 6.5 | EPSS 0.00171
Exploits: 0 | References: 23
OSV
added 2025/08/27 2:40 p.m. | 5 views

CLSA-2025-1756305640 nodejs: Fix of CVE-2024-28863

CVE-2024-28863: prevent extraction in excessively deep sub-folders to address unlimited sub-folders vulnerability...

CVSS 6.5 | AI score 6.6 | EPSS 0.00663
Exploits: 1 | References: 1
Tenable Nessus
added 2025/08/25 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2015-8857

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers...

CVSS 9.8 | AI score 8.2 | EPSS 0.0027
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/25 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2016-2086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks vi...

CVSS 7.5 | AI score 7.8 | EPSS 0.00482
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/25 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2015-8861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting XSS attacks by leveraging a template with an attribute...

CVSS 6.1 | AI score 6.5 | EPSS 0.00317
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/24 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-10539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for Accept-Language, when...

CVSS 7.5 | AI score 7.2 | EPSS 0.00328
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-11499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote D...

CVSS 7.5 | AI score 7.9 | EPSS 0.00545
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/20 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-47153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs20.19.0+dfsg-2i386.deb for Debian GNU/Linu...

CVSS 6.5 | AI score 7 | EPSS 0.00692
Exploits: 0 | References: 2
Amazon
added 2025/08/18 12:0 a.m. | 5 views

Medium: nodejs22

Issue Overview: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. CVE-2025-6965 Affected Packages: nodejs2...

CVSS 9.8 | AI score 6.8 | EPSS 0.01689
Exploits: 3
Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-13822

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could...

CVSS 7.7 | AI score 6.8 | EPSS 0.00411
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-22930

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change...

CVSS 9.8 | AI score 6.7 | EPSS 0.00323
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-14939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the mysql aka mysqljs module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. CVE-2019-14939 Note that Nessu...

CVSS 5.5 | AI score 5.6 | EPSS 0.00059
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-44533

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects...

CVSS 5.3 | AI score 6.6 | EPSS 0.00364
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-33587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

CVSS 7.5 | AI score 7.1 | EPSS 0.00172
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-18869

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via...

CVSS 2.5 | AI score 6.8 | EPSS 0.00048
Exploits: 1 | References: 2
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 4 views

Malicious code in hermes-celeste-react-bootstrap-nodejs (npm)

The package hermes-celeste-react-bootstrap-nodejs was found to contain malicious code...

AI score 7
Exploits: 0