Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: nodejs Clear
ID Title
CVE-2026-48934 Vulnerability in nodejs (CVE-2026-48934)
vulnerability in nodejs (CVE-2026-48934). Risk of unauthorized operations or information disclosure.
CVE-2026-48936 Vulnerability in nodejs (CVE-2026-48936)
vulnerability in nodejs (CVE-2026-48936). Risk of unauthorized operations or information disclosure.
CVE-2026-48935 Vulnerability in nodejs (CVE-2026-48935)
vulnerability in nodejs (CVE-2026-48935). Risk of unauthorized operations or information disclosure.
CVE-2026-48928 Vulnerability in nodejs (CVE-2026-48928)
vulnerability in nodejs (CVE-2026-48928). Risk of unauthorized operations or information disclosure.
CVE-2026-48615 Vulnerability in nodejs (CVE-2026-48615)
vulnerability in nodejs (CVE-2026-48615). Confidential information can be exposed externally. Exploitable via ``ERR_PROXY_TUNNEL``.
CVE-2026-48619 Vulnerability in nodejs (CVE-2026-48619)
vulnerability in nodejs (CVE-2026-48619). Risk of unauthorized operations or information disclosure.
CVE-2026-48933 Vulnerability in nodejs (CVE-2026-48933)
vulnerability in nodejs (CVE-2026-48933). Risk of unauthorized operations or information disclosure.
CVE-2026-48618 Vulnerability in nodejs (CVE-2026-48618)
vulnerability in nodejs (CVE-2026-48618). Confidential information can be exposed externally.
CVE-2026-48930 Vulnerability in c (CVE-2026-48930)
vulnerability in c (CVE-2026-48930). Successful exploitation can lead to full system takeover.
CVE-2026-54639 Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `c...
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `convertTokenData(tokens, { output: 'object' });`; indirect usage, via using Expand API; and/or indire...
CVE-2026-48931 Vulnerability in nodejs (CVE-2026-48931)
vulnerability in nodejs (CVE-2026-48931). Risk of unauthorized operations or information disclosure.
CVE-2026-9697 Vulnerability in undici (CVE-2026-9697)
vulnerability in undici (CVE-2026-9697). Confidential information can be exposed externally. Exploitable via ``ProxyAgent``. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-9679 Vulnerability in undici (CVE-2026-9679)
vulnerability in undici (CVE-2026-9679). Data can be tampered with by attackers. Exploitable via ``parseSetCookie``. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-9678 Vulnerability in undici (CVE-2026-9678)
vulnerability in undici (CVE-2026-9678). Confidential information can be exposed externally. Exploitable via ``private``. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-6734 Vulnerability in undici (CVE-2026-6734)
vulnerability in undici (CVE-2026-6734). Successful exploitation can lead to full system takeover. Exploitable via ``Socks5ProxyAgent``. Mitigation: upgrade to `8.2.0` or later.
CVE-2026-6733 Vulnerability in undici (CVE-2026-6733)
vulnerability in undici (CVE-2026-6733). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-11525 Vulnerability in undici (CVE-2026-11525)
vulnerability in undici (CVE-2026-11525). Risk of unauthorized operations or information disclosure. Exploitable via ``SameSite``. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-9675 Vulnerability in undici (CVE-2026-9675)
vulnerability in undici (CVE-2026-9675). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayloadSize``. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-12151 Vulnerability in undici (CVE-2026-12151)
vulnerability in undici (CVE-2026-12151). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayloadSize``. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-53864 OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
CVE-2026-44313 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
CVE-2026-41512 Code Injection in gem (CVE-2026-41512)
code injection in gem (CVE-2026-41512). Successful exploitation can lead to full system takeover. Exploitable via `POST /targets/auto_detect_selectors`.
CVE-2026-43944 Vulnerability in electerm (CVE-2026-43944)
vulnerability in electerm (CVE-2026-43944). Successful exploitation can lead to full system takeover. Exploitable via ``opts``. Mitigation: upgrade to `> 3.8.8` or later.
CVE-2025-63706 Code Injection in npm (CVE-2025-63706)
code injection in npm (CVE-2025-63706). Successful exploitation can lead to full system takeover.
CVE-2026-26956 Vulnerability in vm2-project (CVE-2026-26956)
vulnerability in vm2-project (CVE-2026-26956). Successful exploitation can lead to full system takeover. Exploitable via ``catch``.
CVE-2026-24781 Code Injection in vm2-project (CVE-2026-24781)
code injection in vm2-project (CVE-2026-24781). Successful exploitation can lead to full system takeover. Exploitable via ``inspect``.
CVE-2026-24120 Code Injection in vm2-project (CVE-2026-24120)
code injection in vm2-project (CVE-2026-24120). Successful exploitation can lead to full system takeover. Exploitable via ``resetPromiseSpecies``.
CVE-2026-24118 Code Injection in vm2-project (CVE-2026-24118)
code injection in vm2-project (CVE-2026-24118). Successful exploitation can lead to full system takeover. Exploitable via ``__lookupGetter__``.
CVE-2026-1528 Vulnerability in nodejs (CVE-2026-1528)
vulnerability in nodejs (CVE-2026-1528). Risk of unauthorized operations or information disclosure.
CVE-2026-2229 Vulnerability in c (CVE-2026-2229)
vulnerability in c (CVE-2026-2229). Risk of unauthorized operations or information disclosure.
CVE-2026-1526 Vulnerability in nodejs (CVE-2026-1526)
vulnerability in nodejs (CVE-2026-1526). Risk of unauthorized operations or information disclosure.
CVE-2025-59465 Vulnerability in dos (CVE-2025-59465)
vulnerability in dos (CVE-2025-59465). Risk of unauthorized operations or information disclosure. Exploitable via ``HPACK``.
CVE-2025-55130 Vulnerability in nodejs (CVE-2025-55130)
vulnerability in nodejs (CVE-2025-55130). Confidential information can be exposed externally.
CVE-2024-3566 Command Injection in node (CVE-2024-3566)
command injection in node (CVE-2024-3566). Successful exploitation can lead to full system takeover. Exploitable via ``cmd.exe``. Mitigation: upgrade to `18.19.0` or later.
CVE-2023-44487 KEV [KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
CVE-2022-0778 Vulnerability in dos (CVE-2022-0778)
vulnerability in dos (CVE-2022-0778). Risk of unauthorized operations or information disclosure.
CVE-2020-1971 Vulnerability in dos (CVE-2020-1971)
vulnerability in dos (CVE-2020-1971). Risk of unauthorized operations or information disclosure.
CVE-2017-15896 Vulnerability in nodejs (CVE-2017-15896)
vulnerability in nodejs (CVE-2017-15896). Confidential information can be exposed externally.
CVE-2017-15897 Vulnerability in nodejs (CVE-2017-15897)
vulnerability in nodejs (CVE-2017-15897). Risk of unauthorized operations or information disclosure.
CVE-2017-3738 Information Disclosure in openssl (CVE-2017-3738)
vulnerability in openssl (CVE-2017-3738). Confidential information can be exposed externally.
CVE-2017-14919 Vulnerability in dos (CVE-2017-14919)
vulnerability in dos (CVE-2017-14919). Risk of unauthorized operations or information disclosure.
CVE-2014-3744 Path Traversal in path-traversal (CVE-2014-3744)
path traversal in path-traversal (CVE-2014-3744). Confidential information can be exposed externally.
CVE-2015-7384 Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
CVE-2017-14849 Path Traversal in nodejs (CVE-2017-14849)
path traversal in nodejs (CVE-2017-14849). Confidential information can be exposed externally.
CVE-2015-2927 Vulnerability in dos (CVE-2015-2927)
vulnerability in dos (CVE-2015-2927). Risk of unauthorized operations or information disclosure.
CVE-2017-11499 Vulnerability in dos (CVE-2017-11499)
vulnerability in dos (CVE-2017-11499). Risk of unauthorized operations or information disclosure.
CVE-2017-1000381 Information Disclosure in c (CVE-2017-1000381)
vulnerability in c (CVE-2017-1000381). Confidential information can be exposed externally.
CVE-2016-9843 Vulnerability in c (CVE-2016-9843)
vulnerability in c (CVE-2016-9843). Successful exploitation can lead to full system takeover.
CVE-2016-9840 Vulnerability in c (CVE-2016-9840)
vulnerability in c (CVE-2016-9840). Successful exploitation can lead to full system takeover.
CVE-2016-9841 Vulnerability in c (CVE-2016-9841)
vulnerability in c (CVE-2016-9841). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →