nodejs vulnerabilities

Known vulnerabilities in the nodejs package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L CVE-2025-23083	<20.18.2+dfsg-1
L CVE-2025-47153	<20.19.0+dfsg1-1
L CVE-2025-23165	<20.19.2+dfsg-1
L CVE-2023-46809	<18.19.1+dfsg-1
H CVE-2023-30590	<18.13.0+dfsg1-1.1
M CVE-2023-30588	<18.13.0+dfsg1-1.1
L CVE-2024-22025	<18.19.1+dfsg-1
M HTTP Request Smuggling	<18.6.0+dfsg-3
C Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	<18.10.0+dfsg-1
M Improper Certificate Validation	<12.22.9~dfsg-1
H Use After Free	<12.20.1~dfsg-1
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<12.22.9~dfsg-1
M Improper Certificate Validation	<12.22.5~dfsg-1
H HTTP Request Smuggling	<12.18.4~dfsg-1
H CVE-2021-22884	<12.21.0~dfsg-1
L CVE-2025-23166	<20.19.2+dfsg-1
L Inclusion of Functionality from Untrusted Control Sphere	<8.9.3~dfsg-5
H Allocation of Resources Without Limits or Throttling	<10.16.3~dfsg-1
L Resource Exhaustion	<10.15.0~dfsg-6
C HTTP Request Smuggling	<10.19.0~dfsg-1
H Resource Exhaustion	<4.1.1~dfsg-3
L Improper Input Validation	<4.3.0~dfsg-1
L Improper Input Validation	<10.15.0~dfsg-6
L HTTP Response Splitting	<4.6.0~dfsg-1
L Improper Input Validation	<4.3.0~dfsg-1
H Code	<4.2.3~dfsg-1
L Improper Input Validation	<4.8.4~dfsg-1
L Improper Input Validation	<10.15.0~dfsg-6
M HTTP Request Smuggling	<18.10.0+dfsg-1
H Incorrect Authorization	<18.19.0+dfsg-2
H OS Command Injection	<18.6.0+dfsg-3
H CVE-2023-32006	<18.13.0+dfsg1-1.1
H Improper Enforcement of Message or Data Structure	<10.21.0~dfsg-1
L Out-of-Bounds	<10.15.0~dfsg-6
L CVE-2024-36137	<20.15.1+dfsg-1
C Use After Free	<12.22.4~dfsg-1
L CVE-2024-27983	<18.20.1+dfsg-1
H CVE-2024-22019	<18.19.1+dfsg-1
L Authentication Bypass	<8.11.1~dfsg-2
L CVE-2024-22020	<20.15.1+dfsg-1
H Arbitrary Code Injection	<18.19.1+dfsg-1
L Out-of-Bounds	<4.4.6~dfsg-1
M Untrusted Search Path	<18.13.0+dfsg1-1.1
M Improper Input Validation	<0.10.21~dfsg1-1
L Race Condition	<4.0.0~dfsg-1
M Improper Input Validation	<0.6.17~dfsg1-1
H Improper Certificate Validation	<12.22.9~dfsg-1
M HTTP Request Smuggling	<12.20.1~dfsg-1
M Improper Certificate Validation	<12.22.9~dfsg-1
M HTTP Request Smuggling	<18.6.0+dfsg-3
H Allocation of Resources Without Limits or Throttling	<10.16.3~dfsg-1
L Allocation of Resources Without Limits or Throttling	<8.9.3~dfsg-5
L Resource Exhaustion	<10.15.0~dfsg-6
L Improper Data Handling	<4.6.0~dfsg-1
H Integer Underflow	<10.21.0~dfsg-1
L Out-of-Bounds	<0.10.38~dfsg-1
L Improper Input Validation	<8.11.1~dfsg-2
H CVE-2023-32559	<18.13.0+dfsg1-1.1
L CVE-2024-22018	<20.15.1+dfsg-1
C CVE-2023-32002	<18.13.0+dfsg1-1.1
H CVE-2023-30581	<18.13.0+dfsg1-1.1
H CVE-2023-23919	<18.13.0+dfsg1-1.1
H OS Command Injection	<18.12.1+dfsg-1
H Insufficient Verification of Data Authenticity	<18.13.0+dfsg1-1.1
H Use After Free	<12.22.5~dfsg-1
H CVE-2019-9513	<10.16.3~dfsg-1
L CVE-2023-39333	<18.13.0+dfsg1-1.1
L Allocation of Resources Without Limits or Throttling	<10.15.2~dfsg-1
H CVE-2023-30589	<18.13.0+dfsg1-1.1
L CVE-2025-23085	<20.18.2+dfsg-1
M HTTP Request Smuggling	<12.22.7~dfsg-1
M HTTP Request Smuggling	<18.6.0+dfsg-3
H Improper Certificate Validation	<10.19.0~dfsg-1
L Resource Exhaustion	<10.15.0~dfsg-6
C Out-of-Bounds	<4.2.3~dfsg-1
H Resource Exhaustion	<12.21.0~dfsg-1
M HTTP Request Smuggling	<12.22.7~dfsg-1
L CVE-2024-27982	<18.20.1+dfsg-1
L Improper Input Validation	<6.0.0~dfsg-1
L Improper Input Validation	<10.15.0~dfsg-6
L HTTP Request Smuggling	<10.15.0~dfsg-6
C CVE-2019-15606	<10.19.0~dfsg-1
L Out-of-bounds Write	<10.15.0~dfsg-6

Vulnerability

Vulnerable Version

<20.18.2+dfsg-1

<20.19.0+dfsg1-1

<20.19.2+dfsg-1

<18.19.1+dfsg-1

<18.13.0+dfsg1-1.1