CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4306 matches found

CBLMariner•added 2026/02/02 3:31 p.m.•4 views

CVE-2026-21637 affecting package nodejs for versions less than 20.14.0-11

CVE-2026-21637 affecting package nodejs for versions less than 20.14.0-11. A patched version of the package is available...

7.5CVSS5.3AI score0.00056EPSS

Exploits0

CBLMariner•added 2026/02/02 3:31 p.m.•3 views

CVE-2025-59466 affecting package nodejs for versions less than 20.14.0-11

CVE-2025-59466 affecting package nodejs for versions less than 20.14.0-11. A patched version of the package is available...

7.5CVSS5.3AI score0.0003EPSS

Exploits0

GithubExploit•added 2026/02/01 5:25 p.m.•239 views

Exploit for CVE-2025-55130

CVE-2025-55130 - Node.js Permission Model Symlink Escape...

7.1CVSS6AI score0.00016EPSS

Exploits2

GithubExploit•added 2026/01/31 10:57 p.m.•159 views

Exploit for CVE-2026-25047

deephas = 1.0.8. References: - GitHub Advisory GHSA-2...

9.4CVSS5.9AI score0.00169EPSS

Exploits4

Fedora•added 2026/01/31 5:32 p.m.•3 views

[SECURITY] Fedora 43 Update: nodejs20-20.20.0-2.fc43

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

9.1CVSS7AI score0.00109EPSS

Exploits2

Tenable Nessus•added 2026/01/31 12:0 a.m.•5 views

Fedora 43 : nodejs24 (2026-5cd409edfa)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5cd409edfa advisory. Update to version 24.13.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

9.1CVSS6.9AI score0.00109EPSS

Exploits2References9

Tenable Nessus•added 2026/01/31 12:0 a.m.•5 views

Fedora 42 : nodejs20 (2026-fb4878551d)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fb4878551d advisory. Update to version 20.20.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

9.1CVSS6.9AI score0.00109EPSS

Exploits2References10

Tenable Nessus•added 2026/01/31 12:0 a.m.•5 views

Fedora 42 : nodejs22 (2026-b7ad50870e)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b7ad50870e advisory. Update to version 22.22.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

9.1CVSS6.9AI score0.00109EPSS

Exploits2References9

Tenable Nessus•added 2026/01/31 12:0 a.m.•4 views

Fedora 43 : nodejs22 (2026-8663c5f961)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-8663c5f961 advisory. Update to version 22.22.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

9.1CVSS6.9AI score0.00109EPSS

Exploits2References9

OSV•added 2026/01/30 5:34 p.m.•5 views

CLEANSTART-2026-WI75198 vulnerability has been identified in Node

Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details...

9.8CVSS8.4AI score0.944EPSS

Exploits48References121

Hacker One•added 2026/01/30 2:35 p.m.•5 views

Node.js: Memory leak in Node.js HTTP/2 server via WINDOW_UPDATE on stream 0 leads to resource exhaustion

Vulnerability description not provided...

5.3CVSS6.2AI score0.00019EPSS

Exploits0

Tenable Nessus•added 2026/01/30 12:0 a.m.•5 views

Node.js Module vm2 < 3.10.2 Sandbox Breakout

The version of the Node.js module vm2 installed on the remote host is prior to 3.10.2. It is, therefore affected by a sandbox breakout vulnerability due to a flaw with the Promise.prototype.then and Promise.prototype.catch callback sanitization. An unauthenticated, remote attacker can exploit thi...

10CVSS9AI score0.00054EPSS

Exploits1References2

Tenable Nessus•added 2026/01/29 12:0 a.m.•2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nodejs-form-data (UTSA-2026-005212)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005212 advisory. Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files...

9.4CVSS5.9AI score0.01319EPSS

Exploits1References4

The Hacker News•added 2026/01/28 11:50 a.m.•9 views

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. The vulnerability, tracked as CVE-2026-22709 , carries a CVSS score of 9.8 out of 10.0 on...

10CVSS7.5AI score0.84615EPSS

Exploits16