nodejs vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the nodejs package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L CVE-2025-23083	<20.18.2+dfsg-1
L CVE-2025-47153	<20.19.0+dfsg1-1
L CVE-2025-23165	<20.19.2+dfsg-1
L CVE-2023-46809	<18.19.1+dfsg-1
H CVE-2023-30590	<18.13.0+dfsg1-1.1
M CVE-2023-30588	<18.13.0+dfsg1-1.1
L CVE-2024-22025	<18.19.1+dfsg-1
M HTTP Request Smuggling	<18.6.0+dfsg-3
C Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	<18.10.0+dfsg-1
M Improper Certificate Validation	<12.22.9~dfsg-1
H Use After Free	<12.20.1~dfsg-1
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<12.22.9~dfsg-1
M Improper Certificate Validation	<12.22.5~dfsg-1
H HTTP Request Smuggling	<12.18.4~dfsg-1
H CVE-2021-22884	<12.21.0~dfsg-1
L CVE-2025-23166	<20.19.2+dfsg-1
L Inclusion of Functionality from Untrusted Control Sphere	<8.9.3~dfsg-5
H Allocation of Resources Without Limits or Throttling	<10.16.3~dfsg-1
L Resource Exhaustion	<10.15.0~dfsg-6
C HTTP Request Smuggling	<10.19.0~dfsg-1
H Resource Exhaustion	<4.1.1~dfsg-3
L Improper Input Validation	<4.3.0~dfsg-1
L Improper Input Validation	<10.15.0~dfsg-6
L HTTP Response Splitting	<4.6.0~dfsg-1
L Improper Input Validation	<4.3.0~dfsg-1
H Code	<4.2.3~dfsg-1
L Improper Input Validation	<4.8.4~dfsg-1
L Improper Input Validation	<10.15.0~dfsg-6
M HTTP Request Smuggling	<18.10.0+dfsg-1
H Incorrect Authorization	<18.19.0+dfsg-2
H OS Command Injection	<18.6.0+dfsg-3
H CVE-2023-32006	<18.13.0+dfsg1-1.1
H Improper Enforcement of Message or Data Structure	<10.21.0~dfsg-1
L Out-of-Bounds	<10.15.0~dfsg-6
L CVE-2024-36137	<20.15.1+dfsg-1
C Use After Free	<12.22.4~dfsg-1
L CVE-2024-27983	<18.20.1+dfsg-1
H CVE-2024-22019	<18.19.1+dfsg-1
L Authentication Bypass	<8.11.1~dfsg-2
L CVE-2024-22020	<20.15.1+dfsg-1
H Arbitrary Code Injection	<18.19.1+dfsg-1
L Out-of-Bounds	<4.4.6~dfsg-1
M Untrusted Search Path	<18.13.0+dfsg1-1.1
M Improper Input Validation	<0.10.21~dfsg1-1
L Race Condition	<4.0.0~dfsg-1
M Improper Input Validation	<0.6.17~dfsg1-1
H Improper Certificate Validation	<12.22.9~dfsg-1
M HTTP Request Smuggling	<12.20.1~dfsg-1
M Improper Certificate Validation	<12.22.9~dfsg-1
M HTTP Request Smuggling	<18.6.0+dfsg-3
H Allocation of Resources Without Limits or Throttling	<10.16.3~dfsg-1
L Allocation of Resources Without Limits or Throttling	<8.9.3~dfsg-5
L Resource Exhaustion	<10.15.0~dfsg-6
L Improper Data Handling	<4.6.0~dfsg-1
H Integer Underflow	<10.21.0~dfsg-1
L Out-of-Bounds	<0.10.38~dfsg-1
L Improper Input Validation	<8.11.1~dfsg-2
H CVE-2023-32559	<18.13.0+dfsg1-1.1
L CVE-2024-22018	<20.15.1+dfsg-1
C CVE-2023-32002	<18.13.0+dfsg1-1.1
H CVE-2023-30581	<18.13.0+dfsg1-1.1
H CVE-2023-23919	<18.13.0+dfsg1-1.1
H OS Command Injection	<18.12.1+dfsg-1
H Insufficient Verification of Data Authenticity	<18.13.0+dfsg1-1.1
H Use After Free	<12.22.5~dfsg-1
H CVE-2019-9513	<10.16.3~dfsg-1
L CVE-2023-39333	<18.13.0+dfsg1-1.1
L Allocation of Resources Without Limits or Throttling	<10.15.2~dfsg-1
H CVE-2023-30589	<18.13.0+dfsg1-1.1
L CVE-2025-23085	<20.18.2+dfsg-1
M HTTP Request Smuggling	<12.22.7~dfsg-1
M HTTP Request Smuggling	<18.6.0+dfsg-3
H Improper Certificate Validation	<10.19.0~dfsg-1
L Resource Exhaustion	<10.15.0~dfsg-6
C Out-of-Bounds	<4.2.3~dfsg-1
H Resource Exhaustion	<12.21.0~dfsg-1
M HTTP Request Smuggling	<12.22.7~dfsg-1
L CVE-2024-27982	<18.20.1+dfsg-1
L Improper Input Validation	<6.0.0~dfsg-1
L Improper Input Validation	<10.15.0~dfsg-6
L HTTP Request Smuggling	<10.15.0~dfsg-6
C CVE-2019-15606	<10.19.0~dfsg-1
L Out-of-bounds Write	<10.15.0~dfsg-6

Vulnerability

Vulnerable Version

CVE-2025-23083

<20.18.2+dfsg-1