nodejs vulnerabilities

Known vulnerabilities in the nodejs package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L CVE-2024-22020	<20.15.1-r0
L CVE-2024-36137	<20.15.1-r0
H Insufficient Verification of Data Authenticity	<18.18.2-r0
L Information Exposure	<18.18.2-r0
M HTTP Request Smuggling	<16.17.1-r0
M Improper Certificate Validation	<16.13.2-r0
C Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	<16.17.1-r0
M HTTP Request Smuggling	<14.18.1-r0
M Cross-site Scripting (XSS)	<14.17.5-r0
C Use After Free	<14.17.4-r0
H Improper Certificate Validation	<12.15.0-r0
M Improper Input Validation	<8.11.0-r0
H Improper Input Validation	<8.11.0-r0
C HTTP Request Smuggling	<12.15.0-r0
H Improper Input Validation	<8.11.3-r0
L CVE-2025-23084	<22.13.1-r0
H Out-of-Bounds	<8.11.3-r0
L CVE-2025-23083	<22.13.1-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
H Resource Exhaustion	<10.16.3-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
M Untrusted Search Path	<18.14.1-r0
H CVE-2023-23919	<18.14.1-r0
M Arbitrary Code Injection	<18.14.1-r0
H Incorrect Authorization	<18.14.1-r0
H OS Command Injection	<18.12.1-r0
H Buffer Overflow	<18.12.1-r0
M Improper Certificate Validation	<16.13.2-r0
C CVE-2017-15896	<8.9.3-r0
H Improper Certificate Validation	<16.13.2-r0
M HTTP Request Smuggling	<16.17.1-r0
M HTTP Request Smuggling	<16.17.1-r0
H Authentication Bypass	<8.11.0-r0
M Improper Certificate Validation	<14.17.5-r0
C Improper Input Validation	<14.17.5-r0
H Improper Input Validation	<8.11.3-r0
H CVE-2021-22884	<14.16.0-r0
H Out-of-bounds Write	<14.15.5-r0
H Integer Underflow	<12.18.0-r0
M HTTP Request Smuggling	<14.15.4-r0
L CVE-2025-23085	<22.13.1-r0
C CVE-2023-32002	<18.17.1-r0
H Use After Free	<14.15.4-r0
H CVE-2023-32559	<18.17.1-r0
H Allocation of Resources Without Limits or Throttling	<10.15.3-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
L Information Exposure	<8.9.3-r0
H Out-of-bounds Write	<8.11.4-r0
M Allocation of Resources Without Limits or Throttling	<10.16.3-r0
H Improper Enforcement of Message or Data Structure	<12.18.0-r0
L CVE-2024-22018	<20.15.1-r0
H Improper Input Validation	<6.11.5-r0
H HTTP Request Smuggling	<12.18.4-r0
L Use of Insufficiently Random Values	<22.13.1-r0
H Information Exposure	<6.11.1-r0
L CVE-2024-27982	<20.12.1-r0
L CVE-2024-27983	<20.12.1-r0
C CVE-2019-15606	<12.15.0-r0
H Inefficient Regular Expression Complexity	<18.14.1-r0
H Improper Certificate Validation	<12.18.0-r0
H Buffer Overflow	<18.12.1-r0
H CVE-2023-32006	<18.17.1-r0
M HTTP Request Smuggling	<16.17.1-r0
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<16.13.2-r0
L CVE-2023-39333	<18.18.2-r0
M Improper Input Validation	<10.14.0-r0
H Symlink Following	<14.17.6-r0
H Symlink Following	<14.17.6-r0
H Resource Exhaustion	<10.14.0-r0
M HTTP Request Smuggling	<14.18.1-r0
H Directory Traversal	<14.17.6-r0
H Resource Exhaustion	<14.16.0-r0
H Directory Traversal	<14.17.6-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
H Resource Exhaustion	<10.16.3-r0
H Buffer Overflow	<12.18.4-r0
H Resource Exhaustion	<14.15.1-r0
C Improper Input Validation	<14.16.1-r0
H Directory Traversal	<14.17.6-r0
H Resource Exhaustion	<10.14.0-r0
M Use of a Broken or Risky Cryptographic Algorithm	<10.14.0-r0
M Use of a Broken or Risky Cryptographic Algorithm	<10.14.0-r0

Vulnerability

Vulnerable Version

CVE-2024-22020

<20.15.1-r0

CVE-2024-36137

<20.15.1-r0

Insufficient Verification of Data Authenticity

<18.18.2-r0

Information Exposure

<18.18.2-r0

HTTP Request Smuggling

<16.17.1-r0