Direct Vulnerabilities

Known vulnerabilities in the nodejs package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • L  Use of Insufficiently Random Values | <22.13.1-r0
  • L  CVE-2026-21714 | <24.14.1-r0
  • H  CVE-2023-32559 | <18.17.1-r0
  • M  Improper Certificate Validation | <16.13.2-r0
  • H  Incorrect Authorization | <18.14.1-r0
  • L  CVE-2026-21717 | <24.14.1-r0
  • H  Authentication Bypass | <8.11.0-r0
  • H  Improper Input Validation | <8.11.3-r0
  • L  CVE-2026-21715 | <24.14.1-r0
  • L  CVE-2025-23083 | <22.13.1-r0
  • H  Improper Input Validation | <8.11.3-r0
  • H  CVE-2023-32006 | <18.17.1-r0
  • H  OS Command Injection | <18.12.1-r0
  • H  Buffer Overflow | <18.12.1-r0
  • L  CVE-2024-36137 | <20.15.1-r0
  • M  Improper Input Validation | <8.11.0-r0
  • H  Out-of-bounds Write | <8.11.4-r0
  • M  HTTP Request Smuggling | <14.18.1-r0
  • H  Out-of-Bounds | <8.11.3-r0
  • H  Inefficient Regular Expression Complexity | <18.14.1-r0
  • M  HTTP Request Smuggling | <14.18.1-r0
  • L  CVE-2026-21716 | <24.14.1-r0
  • H  Improper Input Validation | <6.11.5-r0
  • H  Symlink Following | <14.17.6-r0
  • H  Improper Input Validation | <8.11.0-r0
  • L  CVE-2024-22020 | <20.15.1-r0
  • C  CVE-2023-32002 | <18.17.1-r0
  • M  CVE-2025-55132 | <24.13.0-r0
  • M  HTTP Request Smuggling | <16.17.1-r0
  • H  CVE-2023-23919 | <18.14.1-r0
  • H  Out-of-bounds Write | <14.15.5-r0
  • H  Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | <16.13.2-r0
  • L  CVE-2025-23166 | <22.16.0-r0
  • H  Use After Free | <14.15.4-r0
  • H  Directory Traversal | <14.17.6-r0
  • H  Allocation of Resources Without Limits or Throttling | <10.16.3-r0
  • H  Resource Exhaustion | <10.16.3-r0
  • M  Arbitrary Code Injection | <18.14.1-r0
  • M  Improper Certificate Validation | <16.13.2-r0
  • H  Improper Certificate Validation | <16.13.2-r0
  • M  Cross-site Scripting (XSS) | <14.17.5-r0
  • L  CVE-2025-23085 | <22.13.1-r0
  • H  Allocation of Resources Without Limits or Throttling | <10.16.3-r0
  • H  Buffer Overflow | <12.18.4-r0
  • M  Untrusted Search Path | <18.14.1-r0
  • H  Allocation of Resources Without Limits or Throttling | <10.16.3-r0
  • M  HTTP Request Smuggling | <16.17.1-r0
  • H  Improper Certificate Validation | <12.15.0-r0
  • L  CVE-2026-21712 | <24.14.1-r0
  • L  CVE-2026-21710 | <24.14.1-r0
  • C  Improper Input Validation | <14.17.5-r0
  • H  Resource Exhaustion | <10.16.3-r0
  • H  Allocation of Resources Without Limits or Throttling | <10.16.3-r0
  • H  Information Exposure | <6.11.1-r0
  • M  HTTP Request Smuggling | <14.15.4-r0
  • H  Resource Exhaustion | <14.15.1-r0
  • C  Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | <16.17.1-r0
  • C  CVE-2017-15896 | <8.9.3-r0
  • L  Information Exposure | <8.9.3-r0
  • C  Use After Free | <14.17.4-r0
  • M  Improper Certificate Validation | <14.17.5-r0
  • L  CVE-2023-39333 | <18.18.2-r0
  • C  HTTP Request Smuggling | <12.15.0-r0
  • H  Buffer Overflow | <18.12.1-r0
  • H  HTTP Request Smuggling | <12.18.4-r0
  • M  CVE-2025-23084 | <22.13.1-r0
  • C  Improper Input Validation | <14.16.1-r0
  • H  CVE-2025-59466 | <24.13.0-r0
  • L  CVE-2024-27982 | <20.12.1-r0
  • M  Improper Input Validation | <10.14.0-r0
  • L  CVE-2024-22018 | <20.15.1-r0
  • M  Use of a Broken or Risky Cryptographic Algorithm | <10.14.0-r0
  • H  Insufficient Verification of Data Authenticity | <18.18.2-r0
  • H  Directory Traversal | <14.17.6-r0
  • L  Information Exposure | <18.18.2-r0
  • M  HTTP Request Smuggling | <16.17.1-r0
  • H  Symlink Following | <14.17.6-r0
  • L  CVE-2026-21713 | <24.14.1-r0
  • L  CVE-2024-27983 | <20.12.1-r0
  • L  CVE-2025-55131 | <24.13.0-r0
  • H  Resource Exhaustion | <14.16.0-r0
  • H  Resource Exhaustion | <10.14.0-r0
  • H  CVE-2021-22884 | <14.16.0-r0
  • C  CVE-2025-55130 | <24.13.0-r0
  • H  CVE-2026-21637 | <24.14.1-r0
  • H  Resource Exhaustion | <10.14.0-r0
  • M  Allocation of Resources Without Limits or Throttling | <10.16.3-r0
  • M  HTTP Request Smuggling | <16.17.1-r0
  • H  Integer Underflow | <12.18.0-r0
  • H  Allocation of Resources Without Limits or Throttling | <10.16.3-r0
  • H  Directory Traversal | <14.17.6-r0
  • H  Improper Certificate Validation | <12.18.0-r0
  • H  Improper Enforcement of Message or Data Structure | <12.18.0-r0
  • H  Allocation of Resources Without Limits or Throttling | <10.15.3-r0
  • C  CVE-2019-15606 | <12.15.0-r0
  • M  Use of a Broken or Risky Cryptographic Algorithm | <10.14.0-r0