Lucene search

14 matches found

CVE | added 2020/12/08 4:15 p.m. | 1019 views

CVE-2020-1971

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrec...

CVSS 5.9 | AI score 5.7 | EPSS 0.00322

CVE | added 2020/03/12 7:15 p.m. | 769 views

CVE-2020-10531

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

CVSS 8.8 | AI score 8.7 | EPSS 0.00538

CVE | added 2020/06/03 11:15 p.m. | 648 views

CVE-2020-11080

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes th...

CVSS 7.5 | AI score 6.5 | EPSS 0.00566

CVE | added 2020/02/07 3:15 p.m. | 461 views

CVE-2019-15605

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

CVSS 9.8 | AI score 9.5 | EPSS 0.43322

CVE | added 2020/07/24 10:15 p.m. | 365 views

CVE-2020-8174

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and

CVSS 9.3 | AI score 8.1 | EPSS 0.00632

CVE | added 2020/11/19 1:15 a.m. | 341 views

CVE-2020-8277

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and

CVSS 7.5 | AI score 7.3 | EPSS 0.50405

CVE | added 2020/02/07 3:15 p.m. | 281 views

CVE-2019-15606

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

CVSS 9.8 | AI score 9.4 | EPSS 0.03456

CVE | added 2020/09/18 9:15 p.m. | 273 views

CVE-2020-8252

The implementation of realpath in libuv < 10.22.1, < 12.18.4, and

CVSS 7.8 | AI score 7.9 | EPSS 0.00135

CVE | added 2020/02/07 3:15 p.m. | 257 views

CVE-2019-15604

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

CVSS 7.5 | AI score 8.2 | EPSS 0.03448

CVE | added 2020/09/18 9:15 p.m. | 231 views

CVE-2020-8201

Node.js < 12.18.4 and

CVSS 7.4 | AI score 7.1 | EPSS 0.01146

CVE | added 2020/06/08 2:15 p.m. | 172 views

CVE-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and

CVSS 7.4 | AI score 7.4 | EPSS 0.00453

CVE | added 2020/09/18 9:15 p.m. | 109 views

CVE-2020-8251

Node.js

CVSS 7.5 | AI score 7.1 | EPSS 0.02199

CVE | added 2020/12/03 9:15 p.m. | 74 views

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).

CVSS 6.5 | AI score 6.2 | EPSS 0.0036

CVE | added 2020/02/11 5:15 p.m. | 49 views

CVE-2014-9748

The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race con...

CVSS 8.1 | AI score 8.4 | EPSS 0.00402