nodejs vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the nodejs package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L CVE-2024-22020	<20.15.1-r0
L CVE-2024-36137	<20.15.1-r0
H Insufficient Verification of Data Authenticity	<18.18.2-r0
L Information Exposure	<18.18.2-r0
M HTTP Request Smuggling	<16.17.1-r0
M Improper Certificate Validation	<16.13.2-r0
C Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	<16.17.1-r0
M HTTP Request Smuggling	<14.18.1-r0
M Cross-site Scripting (XSS)	<14.17.5-r0
C Use After Free	<14.17.4-r0
H Improper Certificate Validation	<12.15.0-r0
M Improper Input Validation	<8.11.0-r0
H Improper Input Validation	<8.11.0-r0
C HTTP Request Smuggling	<12.15.0-r0
H Improper Input Validation	<8.11.3-r0
M CVE-2025-23084	<22.13.1-r0
H Out-of-Bounds	<8.11.3-r0
L CVE-2025-23083	<22.13.1-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
H Resource Exhaustion	<10.16.3-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
M Untrusted Search Path	<18.14.1-r0
H CVE-2023-23919	<18.14.1-r0
M Arbitrary Code Injection	<18.14.1-r0
H Incorrect Authorization	<18.14.1-r0
H OS Command Injection	<18.12.1-r0
H Buffer Overflow	<18.12.1-r0
M Improper Certificate Validation	<16.13.2-r0
C CVE-2017-15896	<8.9.3-r0
H Improper Certificate Validation	<16.13.2-r0
M HTTP Request Smuggling	<16.17.1-r0
M HTTP Request Smuggling	<16.17.1-r0
H Authentication Bypass	<8.11.0-r0
M Improper Certificate Validation	<14.17.5-r0
C Improper Input Validation	<14.17.5-r0
H Improper Input Validation	<8.11.3-r0
H CVE-2021-22884	<14.16.0-r0
H Out-of-bounds Write	<14.15.5-r0
H Integer Underflow	<12.18.0-r0
M HTTP Request Smuggling	<14.15.4-r0
L CVE-2025-23085	<22.13.1-r0
C CVE-2023-32002	<18.17.1-r0
H Use After Free	<14.15.4-r0
H CVE-2023-32559	<18.17.1-r0
H Allocation of Resources Without Limits or Throttling	<10.15.3-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
L Information Exposure	<8.9.3-r0
H Out-of-bounds Write	<8.11.4-r0
M Allocation of Resources Without Limits or Throttling	<10.16.3-r0
H Improper Enforcement of Message or Data Structure	<12.18.0-r0
L CVE-2024-22018	<20.15.1-r0
H Improper Input Validation	<6.11.5-r0
H HTTP Request Smuggling	<12.18.4-r0
L Use of Insufficiently Random Values	<22.13.1-r0
H Information Exposure	<6.11.1-r0
L CVE-2024-27982	<20.12.1-r0
L CVE-2024-27983	<20.12.1-r0
C CVE-2019-15606	<12.15.0-r0
H Inefficient Regular Expression Complexity	<18.14.1-r0
H Improper Certificate Validation	<12.18.0-r0
H Buffer Overflow	<18.12.1-r0
H CVE-2023-32006	<18.17.1-r0
M HTTP Request Smuggling	<16.17.1-r0
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<16.13.2-r0
L CVE-2023-39333	<18.18.2-r0
M Improper Input Validation	<10.14.0-r0
H Symlink Following	<14.17.6-r0
H Symlink Following	<14.17.6-r0
H Resource Exhaustion	<10.14.0-r0
M HTTP Request Smuggling	<14.18.1-r0
H Directory Traversal	<14.17.6-r0
H Resource Exhaustion	<14.16.0-r0
H Directory Traversal	<14.17.6-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
H Resource Exhaustion	<10.16.3-r0
H Buffer Overflow	<12.18.4-r0
H Resource Exhaustion	<14.15.1-r0
C Improper Input Validation	<14.16.1-r0
H Directory Traversal	<14.17.6-r0
H Resource Exhaustion	<10.14.0-r0
M Use of a Broken or Risky Cryptographic Algorithm	<10.14.0-r0
M Use of a Broken or Risky Cryptographic Algorithm	<10.14.0-r0

Vulnerability

Vulnerable Version

CVE-2024-22020

<20.15.1-r0