nodejs vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the nodejs package. This does not include vulnerabilities belonging to this package’s dependencies.

Severity | Vulnerability | Vulnerable Version
  • H | CVE-2023-32559 | <16.20.2-r0
  • H | CVE-2023-32006 | <16.20.2-r0
  • C | CVE-2023-32002 | <16.20.2-r0
  • H | Incorrect Authorization | <16.19.1-r0
  • M | Arbitrary Code Injection | <16.19.1-r0
  • H | Inefficient Regular Expression Complexity | <16.19.1-r0
  • H | CVE-2023-23919 | <16.19.1-r0
  • M | Untrusted Search Path | <16.19.1-r0
  • M | HTTP Request Smuggling | <16.17.1-r0
  • C | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | <16.17.1-r0
  • M | HTTP Request Smuggling | <16.17.1-r0
  • M | HTTP Request Smuggling | <16.17.1-r0
  • M | HTTP Request Smuggling | <16.17.1-r0
  • H | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | <16.13.2-r0
  • M | Improper Certificate Validation | <16.13.2-r0
  • M | Improper Certificate Validation | <16.13.2-r0
  • H | Improper Certificate Validation | <16.13.2-r0
  • M | HTTP Request Smuggling | <14.18.1-r0
  • M | HTTP Request Smuggling | <14.18.1-r0
  • H | Directory Traversal | <14.17.6-r0
  • H | Symlink Following | <14.17.6-r0
  • H | Directory Traversal | <14.17.6-r0
  • H | Symlink Following | <14.17.6-r0
  • H | Directory Traversal | <14.17.6-r0
  • M | Improper Certificate Validation | <14.17.5-r0
  • C | Improper Input Validation | <14.17.5-r0
  • M | Cross-site Scripting (XSS) | <14.17.5-r0
  • C | Improper Input Validation | <14.16.1-r0
  • C | Use After Free | <14.17.4-r0
  • H | CVE-2021-22884 | <14.16.0-r0
  • H | Resource Exhaustion | <14.16.0-r0
  • H | Out-of-bounds Write | <14.15.5-r0
  • M | HTTP Request Smuggling | <14.15.4-r0
  • H | Resource Exhaustion | <14.15.1-r0
  • H | Use After Free | <14.15.4-r0
  • H | HTTP Request Smuggling | <12.18.4-r0
  • H | Buffer Overflow | <12.18.4-r0
  • H | Improper Certificate Validation | <12.18.0-r0
  • H | Improper Enforcement of Message or Data Structure | <12.18.0-r0
  • H | Integer Underflow | <12.18.0-r0
  • C | CVE-2019-15606 | <12.15.0-r0
  • C | HTTP Request Smuggling | <12.15.0-r0
  • H | Improper Certificate Validation | <12.15.0-r0
  • H | Allocation of Resources Without Limits or Throttling | <10.16.3-r0
  • H | Resource Exhaustion | <10.16.3-r0
  • H | Allocation of Resources Without Limits or Throttling | <10.16.3-r0
  • H | Allocation of Resources Without Limits or Throttling | <10.16.3-r0
  • H | Allocation of Resources Without Limits or Throttling | <10.16.3-r0
  • M | Allocation of Resources Without Limits or Throttling | <10.16.3-r0
  • H | Resource Exhaustion | <10.16.3-r0
  • H | Allocation of Resources Without Limits or Throttling | <10.16.3-r0
  • H | Allocation of Resources Without Limits or Throttling | <10.15.3-r0
  • H | Resource Exhaustion | <10.14.0-r0
  • H | Resource Exhaustion | <10.14.0-r0
  • M | Improper Input Validation | <10.14.0-r0
  • M | Use of a Broken or Risky Cryptographic Algorithm | <10.14.0-r0
  • M | Use of a Broken or Risky Cryptographic Algorithm | <10.14.0-r0
  • H | Out-of-bounds Write | <8.11.4-r0
  • H | Improper Input Validation | <8.11.3-r0
  • H | Out-of-Bounds | <8.11.3-r0
  • H | Authentication Bypass | <8.11.0-r0
  • M | Improper Input Validation | <8.11.0-r0
  • H | Improper Input Validation | <8.11.0-r0
  • H | Improper Input Validation | <8.11.3-r0
  • C | CVE-2017-15896 | <8.9.3-r0
  • L | Information Exposure | <8.9.3-r0
  • H | Improper Input Validation | <6.11.5-r0
  • H | Information Exposure | <6.11.1-r0