Filter
Software
Node.jsNode.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089
8.8
EPSS
0.04%
First published (updated )
Node.jsNode.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089
8.8
EPSS
0.04%
First published (updated )
Node.jsNode.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089
8.8
EPSS
0.04%
First published (updated )
Node.jsNode.js security updates: CVE-2025-23083, CVE-2025-23084, CVE-2025-23085
7.7
EPSS
0.04%
First published (updated )
Node.jsWith the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker threa…
7.7
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
body-parserbody-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of se…
7
First published (updated )
indutny Elliptic Node.jsThe verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js …
7
First published (updated )
Node.jsThe use of Module._load() can bypass the policy mechanism and require modules outside of the policy.…
7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
npm/undiciUndici Uses Insufficiently Random Values
6.8
EPSS
0.04%
First published (updated )
Node.jsNode.js security updates: CVE-2025-23083, CVE-2025-23084, CVE-2025-23085
5.6
EPSS
0.04%
First published (updated )
Node.jsNode.js security updates: CVE-2025-23083, CVE-2025-23084, CVE-2025-23085
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Node.jsMalformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a co…
First published (updated )
Node.jsA vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack throug…
First published (updated )
Node.jsA security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network…
First published (updated )
indutny Elliptic Node.jsIn the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a mi…
First published (updated )
Node.jsThe use of module.constructor.createRequire() can bypass the policy mechanism and require modules ou…
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Node.jsThe use of the deprecated API process.binding() can bypass the policy mechanism by requiring interna…
First published (updated )
Node.jsundici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequen…
First published (updated )
Node.jsHi upstream just released nodejs 14.21.1 to fix <a href="https://access.redhat.com/security/cve/CVE-…
First published (updated )
Node.jsWhen the Node.js policy feature checks the integrity of a resource against a trusted manifest, the a…
First published (updated )
Node.jsThe following issue was found in node: The SIGQUIT routine fails to close the app leaving the IP so…
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Node.jsThe generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (o…
First published (updated )
Node.jsThe use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require m…
First published (updated )
Node.jsA vulnerability has been identified in Node.js, affecting users of the experimental permission model…
1
First published (updated )
Node.jsA vulnerability has been identified in Node.js, affecting users of the experimental permission model…
1
First published (updated )
Node.jsMaliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The i…
1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.