nodejs vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the nodejs package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C CVE-2017-15896	<8.9.3-r0
H Out-of-bounds Write	<8.11.4-r0
M Improper Input Validation	<8.11.0-r0
H Authentication Bypass	<8.11.0-r0
L CVE-2024-22020	<20.15.1-r0
L CVE-2024-36137	<20.15.1-r0
H Out-of-Bounds	<8.11.3-r0
H Inefficient Regular Expression Complexity	<18.14.1-r0
C CVE-2023-32002	<18.17.1-r0
H CVE-2023-32559	<18.17.1-r0
H Incorrect Authorization	<18.14.1-r0
L CVE-2025-23085	<22.13.1-r0
L Information Exposure	<8.9.3-r0
H CVE-2023-32006	<18.17.1-r0
L Use of Insufficiently Random Values	<22.13.1-r0
H Information Exposure	<6.11.1-r0
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<16.13.2-r0
M HTTP Request Smuggling	<16.17.1-r0
H Improper Input Validation	<8.11.3-r0
H Improper Input Validation	<8.11.0-r0
H Improper Input Validation	<8.11.3-r0
H Improper Certificate Validation	<16.13.2-r0
L CVE-2025-23083	<22.13.1-r0
L CVE-2024-27982	<20.12.1-r0
M CVE-2025-23084	<22.13.1-r0
H Improper Input Validation	<6.11.5-r0
L CVE-2023-39333	<18.18.2-r0
H Symlink Following	<14.17.6-r0
L CVE-2024-22018	<20.15.1-r0
H Directory Traversal	<14.17.6-r0
L Information Exposure	<18.18.2-r0
C Improper Input Validation	<14.17.5-r0
L CVE-2024-27983	<20.12.1-r0
M Cross-site Scripting (XSS)	<14.17.5-r0
H Insufficient Verification of Data Authenticity	<18.18.2-r0
M Arbitrary Code Injection	<18.14.1-r0
H CVE-2023-23919	<18.14.1-r0
M Untrusted Search Path	<18.14.1-r0
C Improper Input Validation	<14.16.1-r0
H Directory Traversal	<14.17.6-r0
H Symlink Following	<14.17.6-r0
H Buffer Overflow	<18.12.1-r0
C Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	<16.17.1-r0
H OS Command Injection	<18.12.1-r0
H Buffer Overflow	<18.12.1-r0
M HTTP Request Smuggling	<16.17.1-r0
H Resource Exhaustion	<14.15.1-r0
H HTTP Request Smuggling	<12.18.4-r0
M Improper Certificate Validation	<16.13.2-r0
M HTTP Request Smuggling	<16.17.1-r0
M HTTP Request Smuggling	<16.17.1-r0
M Improper Certificate Validation	<16.13.2-r0
M HTTP Request Smuggling	<14.18.1-r0
M HTTP Request Smuggling	<14.18.1-r0
H Directory Traversal	<14.17.6-r0
H Resource Exhaustion	<10.16.3-r0
H Allocation of Resources Without Limits or Throttling	<10.15.3-r0
M Use of a Broken or Risky Cryptographic Algorithm	<10.14.0-r0
M Improper Certificate Validation	<14.17.5-r0
M Allocation of Resources Without Limits or Throttling	<10.16.3-r0
C CVE-2019-15606	<12.15.0-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
H Resource Exhaustion	<10.16.3-r0
C Use After Free	<14.17.4-r0
H CVE-2021-22884	<14.16.0-r0
H Resource Exhaustion	<14.16.0-r0
H Use After Free	<14.15.4-r0
H Resource Exhaustion	<10.14.0-r0
M HTTP Request Smuggling	<14.15.4-r0
M Improper Input Validation	<10.14.0-r0
H Improper Certificate Validation	<12.18.0-r0
H Buffer Overflow	<12.18.4-r0
H Improper Enforcement of Message or Data Structure	<12.18.0-r0
H Integer Underflow	<12.18.0-r0
H Out-of-bounds Write	<14.15.5-r0
M Use of a Broken or Risky Cryptographic Algorithm	<10.14.0-r0
H Resource Exhaustion	<10.14.0-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
C HTTP Request Smuggling	<12.15.0-r0
H Improper Certificate Validation	<12.15.0-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0
H Allocation of Resources Without Limits or Throttling	<10.16.3-r0

Vulnerability

Vulnerable Version

CVE-2017-15896

<8.9.3-r0