Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48934 |
|
Vulnerability in nodejs (CVE-2026-48934)
vulnerability in nodejs (CVE-2026-48934). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48936 |
|
Vulnerability in nodejs (CVE-2026-48936)
vulnerability in nodejs (CVE-2026-48936). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48935 |
|
Vulnerability in nodejs (CVE-2026-48935)
vulnerability in nodejs (CVE-2026-48935). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48928 |
|
Vulnerability in nodejs (CVE-2026-48928)
vulnerability in nodejs (CVE-2026-48928). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48615 |
|
Vulnerability in nodejs (CVE-2026-48615)
vulnerability in nodejs (CVE-2026-48615). Confidential information can be exposed externally. Exploitable via ``ERR_PROXY_TUNNEL``.
|
| CVE-2026-48619 |
|
Vulnerability in nodejs (CVE-2026-48619)
vulnerability in nodejs (CVE-2026-48619). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48933 |
|
Vulnerability in nodejs (CVE-2026-48933)
vulnerability in nodejs (CVE-2026-48933). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48618 |
|
Vulnerability in nodejs (CVE-2026-48618)
vulnerability in nodejs (CVE-2026-48618). Confidential information can be exposed externally.
|
| CVE-2026-48930 |
|
Vulnerability in c (CVE-2026-48930)
vulnerability in c (CVE-2026-48930). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54639 |
|
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `c...
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `convertTokenData(tokens, { output: 'object' });`; indirect usage, via using Expand API; and/or indire...
|
| CVE-2026-48931 |
|
Vulnerability in nodejs (CVE-2026-48931)
vulnerability in nodejs (CVE-2026-48931). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9697 |
|
Vulnerability in undici (CVE-2026-9697)
vulnerability in undici (CVE-2026-9697). Confidential information can be exposed externally. Exploitable via ``ProxyAgent``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-9679 |
|
Vulnerability in undici (CVE-2026-9679)
vulnerability in undici (CVE-2026-9679). Data can be tampered with by attackers. Exploitable via ``parseSetCookie``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-9678 |
|
Vulnerability in undici (CVE-2026-9678)
vulnerability in undici (CVE-2026-9678). Confidential information can be exposed externally. Exploitable via ``private``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-6734 |
|
Vulnerability in undici (CVE-2026-6734)
vulnerability in undici (CVE-2026-6734). Successful exploitation can lead to full system takeover. Exploitable via ``Socks5ProxyAgent``. Mitigation: upgrade to `8.2.0` or later.
|
| CVE-2026-6733 |
|
Vulnerability in undici (CVE-2026-6733)
vulnerability in undici (CVE-2026-6733). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-11525 |
|
Vulnerability in undici (CVE-2026-11525)
vulnerability in undici (CVE-2026-11525). Risk of unauthorized operations or information disclosure. Exploitable via ``SameSite``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-9675 |
|
Vulnerability in undici (CVE-2026-9675)
vulnerability in undici (CVE-2026-9675). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayloadSize``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-12151 |
|
Vulnerability in undici (CVE-2026-12151)
vulnerability in undici (CVE-2026-12151). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayloadSize``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-53864 |
|
OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
|
| CVE-2026-44313 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
|
| CVE-2026-41512 |
|
Code Injection in gem (CVE-2026-41512)
code injection in gem (CVE-2026-41512). Successful exploitation can lead to full system takeover. Exploitable via `POST /targets/auto_detect_selectors`.
|
| CVE-2026-43944 |
|
Vulnerability in electerm (CVE-2026-43944)
vulnerability in electerm (CVE-2026-43944). Successful exploitation can lead to full system takeover. Exploitable via ``opts``. Mitigation: upgrade to `> 3.8.8` or later.
|
| CVE-2025-63706 |
|
Code Injection in npm (CVE-2025-63706)
code injection in npm (CVE-2025-63706). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26956 |
|
Vulnerability in vm2-project (CVE-2026-26956)
vulnerability in vm2-project (CVE-2026-26956). Successful exploitation can lead to full system takeover. Exploitable via ``catch``.
|
| CVE-2026-24781 |
|
Code Injection in vm2-project (CVE-2026-24781)
code injection in vm2-project (CVE-2026-24781). Successful exploitation can lead to full system takeover. Exploitable via ``inspect``.
|
| CVE-2026-24120 |
|
Code Injection in vm2-project (CVE-2026-24120)
code injection in vm2-project (CVE-2026-24120). Successful exploitation can lead to full system takeover. Exploitable via ``resetPromiseSpecies``.
|
| CVE-2026-24118 |
|
Code Injection in vm2-project (CVE-2026-24118)
code injection in vm2-project (CVE-2026-24118). Successful exploitation can lead to full system takeover. Exploitable via ``__lookupGetter__``.
|
| CVE-2026-1528 |
|
Vulnerability in nodejs (CVE-2026-1528)
vulnerability in nodejs (CVE-2026-1528). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2229 |
|
Vulnerability in c (CVE-2026-2229)
vulnerability in c (CVE-2026-2229). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1526 |
|
Vulnerability in nodejs (CVE-2026-1526)
vulnerability in nodejs (CVE-2026-1526). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-59465 |
|
Vulnerability in dos (CVE-2025-59465)
vulnerability in dos (CVE-2025-59465). Risk of unauthorized operations or information disclosure. Exploitable via ``HPACK``.
|
| CVE-2025-55130 |
|
Vulnerability in nodejs (CVE-2025-55130)
vulnerability in nodejs (CVE-2025-55130). Confidential information can be exposed externally.
|
| CVE-2024-3566 |
|
Command Injection in node (CVE-2024-3566)
command injection in node (CVE-2024-3566). Successful exploitation can lead to full system takeover. Exploitable via ``cmd.exe``. Mitigation: upgrade to `18.19.0` or later.
|
| CVE-2023-44487 KEV |
|
[KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
|
| CVE-2022-0778 |
|
Vulnerability in dos (CVE-2022-0778)
vulnerability in dos (CVE-2022-0778). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-1971 |
|
Vulnerability in dos (CVE-2020-1971)
vulnerability in dos (CVE-2020-1971). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-15896 |
|
Vulnerability in nodejs (CVE-2017-15896)
vulnerability in nodejs (CVE-2017-15896). Confidential information can be exposed externally.
|
| CVE-2017-15897 |
|
Vulnerability in nodejs (CVE-2017-15897)
vulnerability in nodejs (CVE-2017-15897). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-3738 |
|
Information Disclosure in openssl (CVE-2017-3738)
vulnerability in openssl (CVE-2017-3738). Confidential information can be exposed externally.
|
| CVE-2017-14919 |
|
Vulnerability in dos (CVE-2017-14919)
vulnerability in dos (CVE-2017-14919). Risk of unauthorized operations or information disclosure.
|
| CVE-2014-3744 |
|
Path Traversal in path-traversal (CVE-2014-3744)
path traversal in path-traversal (CVE-2014-3744). Confidential information can be exposed externally.
|
| CVE-2015-7384 |
|
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
|
| CVE-2017-14849 |
|
Path Traversal in nodejs (CVE-2017-14849)
path traversal in nodejs (CVE-2017-14849). Confidential information can be exposed externally.
|
| CVE-2015-2927 |
|
Vulnerability in dos (CVE-2015-2927)
vulnerability in dos (CVE-2015-2927). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11499 |
|
Vulnerability in dos (CVE-2017-11499)
vulnerability in dos (CVE-2017-11499). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-1000381 |
|
Information Disclosure in c (CVE-2017-1000381)
vulnerability in c (CVE-2017-1000381). Confidential information can be exposed externally.
|
| CVE-2016-9843 |
|
Vulnerability in c (CVE-2016-9843)
vulnerability in c (CVE-2016-9843). Successful exploitation can lead to full system takeover.
|
| CVE-2016-9840 |
|
Vulnerability in c (CVE-2016-9840)
vulnerability in c (CVE-2016-9840). Successful exploitation can lead to full system takeover.
|
| CVE-2016-9841 |
|
Vulnerability in c (CVE-2016-9841)
vulnerability in c (CVE-2016-9841). Successful exploitation can lead to full system takeover.
|