Homepage

nodejs vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the nodejs package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
CVE-2024-22020

<1:18.20.4-1.module+el8.10.0+90402+68b79193
  • M
CVE-2024-28863

<1:18.20.4-1.module+el8.10.0+90402+68b79193
  • M
CVE-2024-22018

<1:20.16.0-1.module+el8.10.0+90391+162fb07b
  • M
CVE-2024-36137

<1:20.16.0-1.module+el8.10.0+90391+162fb07b
  • H
CVE-2024-25629

<1:18.20.2-1.module+el8.9.0+90319+0b1e7189
  • H
CVE-2024-27982

<1:18.20.2-1.module+el8.9.0+90319+0b1e7189
  • H
CVE-2024-27983

<1:18.20.2-1.module+el8.9.0+90319+0b1e7189
  • H
CVE-2024-22025

<1:18.20.2-1.module+el8.9.0+90319+0b1e7189
  • H
CVE-2024-28182

<1:18.20.2-1.module+el8.9.0+90319+0b1e7189
  • H
CVE-2024-21896

<1:20.11.1-1.module+el8.9.0+90250+089ba5e1
  • H
CVE-2024-21891

<1:20.11.1-1.module+el8.9.0+90250+089ba5e1
  • H
CVE-2024-22017

<1:20.11.1-1.module+el8.9.0+90250+089ba5e1
  • H
CVE-2024-21890

<1:20.11.1-1.module+el8.9.0+90250+089ba5e1
  • H
CVE-2023-46809

<1:20.11.1-1.module+el8.9.0+90250+089ba5e1
  • H
CVE-2024-21892

<1:20.11.1-1.module+el8.9.0+90250+089ba5e1
  • H
CVE-2024-22019

<1:20.11.1-1.module+el8.9.0+90250+089ba5e1
  • H
Directory Traversal

<1:20.8.1-1.module+el8.9.0+90082+b6a613a6
  • H
Directory Traversal

<1:20.8.1-1.module+el8.9.0+90082+b6a613a6
  • H
Insufficient Verification of Data Authenticity

<1:20.8.1-1.module+el8.9.0+90082+b6a613a6
  • H
Information Exposure

<1:20.8.1-1.module+el8.9.0+90082+b6a613a6
  • H
CVE-2023-39333

<1:20.8.1-1.module+el8.9.0+90082+b6a613a6
  • H
CVE-2023-44487

<1:16.20.2-4.0.1.module+el8.9.0+90185+b2d3b544
  • H
CVE-2023-32559

<1:18.17.1-1.module+el8.8.0+21170+2efec6d4
  • H
Inefficient Regular Expression Complexity

<1:18.17.1-1.module+el8.8.0+21170+2efec6d4
  • H
CVE-2023-32006

<1:18.17.1-1.module+el8.8.0+21170+2efec6d4
  • H
CVE-2023-32002

<1:18.17.1-1.module+el8.8.0+21170+2efec6d4
  • M
CVE-2023-30589

<1:18.16.1-1.module+el8.8.0+21140+54ee8b93
  • M
CVE-2023-30588

<1:18.16.1-1.module+el8.8.0+21140+54ee8b93
  • M
CVE-2023-30581

<1:16.20.1-1.module+el8.8.0+21143+178952bb
  • M
CVE-2023-30590

<1:18.16.1-1.module+el8.8.0+21140+54ee8b93
  • H
Use of Insufficiently Random Values

<1:18.14.2-3.module+el8.8.0+21122+857852f8
  • H
Out-of-bounds Write

<1:16.19.1-2.module+el8.8.0+21121+9536f36f
  • H
Use of Insufficiently Random Values

<1:18.14.2-3.module+el8.8.0+21122+857852f8
  • H
CVE-2023-32067

<1:16.19.1-2.module+el8.8.0+21121+9536f36f
  • H
Improper Input Validation

<1:14.21.3-1.module+el8.7.0+21031+52889874
  • M
CVE-2023-23919

<1:16.19.1-1.module+el8.7.0+21021+1eb7f63d
  • M
Incorrect Authorization

<1:18.14.2-2.module+el8.7.0+21020+b7aeeb08
  • M
Inefficient Regular Expression Complexity

<1:16.19.1-1.module+el8.7.0+21021+1eb7f63d
  • M
Inefficient Regular Expression Complexity

<1:16.19.1-1.module+el8.7.0+21021+1eb7f63d
  • M
Inefficient Regular Expression Complexity

<1:18.14.2-2.module+el8.7.0+21020+b7aeeb08
  • M
Arbitrary Code Injection

<1:18.14.2-2.module+el8.7.0+21020+b7aeeb08
  • H
Improper Validation of Specified Quantity in Input

<1:18.14.2-3.module+el8.8.0+21122+857852f8
  • M
Untrusted Search Path

<1:16.19.1-1.module+el8.7.0+21021+1eb7f63d
  • M
Information Exposure

<1:14.21.1-2.module+el8.7.0+20895+79a25710
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<1:14.21.1-2.module+el8.7.0+20895+79a25710
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<1:14.21.1-2.module+el8.7.0+20895+79a25710
  • H
Inefficient Regular Expression Complexity

<1:14.21.3-1.module+el8.7.0+21031+52889874
  • M
OS Command Injection

<1:14.21.1-2.module+el8.7.0+20895+79a25710
  • M
Improper Certificate Validation

<1:16.18.1-3.module+el8.7.0+20893+df13f383
  • M
Improper Certificate Validation

<1:16.18.1-3.module+el8.7.0+20893+df13f383
  • M
Improper Certificate Validation

<1:16.18.1-3.module+el8.7.0+20893+df13f383
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<1:16.18.1-3.module+el8.7.0+20893+df13f383
  • H
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

<1:18.8.0-1.module+el8.7.0+20871+e727ae93
  • M
HTTP Request Smuggling

<1:14.20.1-2.module+el8.6.0+20874+338992dc
  • M
HTTP Request Smuggling

<1:16.16.0-3.module+el8.6.0+20742+4c4c4b80
  • M
HTTP Request Smuggling

<1:16.16.0-3.module+el8.6.0+20742+4c4c4b80
  • M
HTTP Request Smuggling

<1:14.20.0-2.module+el8.6.0+20729+8fb6d84e
  • M
OS Command Injection

<1:16.16.0-3.module+el8.6.0+20742+4c4c4b80
  • M
CVE-2022-33987

<1:16.16.0-3.module+el8.6.0+20742+4c4c4b80
  • H
Insufficient Verification of Data Authenticity

<1:16.14.0-4.module+el8.6.0+20672+19f3909b
  • M
Directory Traversal

<1:14.18.2-2.module+el8.5.0+20489+261d51d3
  • M
Directory Traversal

<1:14.18.2-2.module+el8.5.0+20489+261d51d3
  • M
Resource Exhaustion

<1:14.18.2-2.module+el8.5.0+20489+261d51d3
  • M
Inefficient Regular Expression Complexity

<1:14.18.2-2.module+el8.5.0+20489+261d51d3
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<1:14.18.2-2.module+el8.5.0+20489+261d51d3
  • M
HTTP Request Smuggling

<1:14.18.2-2.module+el8.5.0+20489+261d51d3
  • M
Inefficient Regular Expression Complexity

<1:16.16.0-3.module+el8.6.0+20742+4c4c4b80
  • M
HTTP Request Smuggling

<1:14.18.2-2.module+el8.5.0+20489+261d51d3
  • H
CVE-2021-23343

<1:12.22.5-1.module+el8.4.0+20308+065a70e3
  • H
Directory Traversal

<1:12.22.5-1.module+el8.4.0+20308+065a70e3
  • H
Improper Input Validation

<1:14.17.5-1.module+el8.4.0+20313+f90c2973
  • H
Cross-site Scripting (XSS)

<1:12.22.5-1.module+el8.4.0+20308+065a70e3
  • H
Use After Free

<1:12.22.5-1.module+el8.4.0+20308+065a70e3
  • H
Link Following

<1:12.22.5-1.module+el8.4.0+20308+065a70e3
  • H
Use After Free

<1:14.17.5-1.module+el8.4.0+20313+f90c2973
  • H
Improper Certificate Validation

<1:12.22.5-1.module+el8.4.0+20308+065a70e3
  • M
Inefficient Regular Expression Complexity

<1:14.17.3-2.module+el8.4.0+20278+965e0649
  • M
Out-of-bounds Read

<1:14.17.3-2.module+el8.4.0+20278+965e0649
  • M
CVE-2021-27290

<1:14.17.3-2.module+el8.4.0+20278+965e0649
  • H
CVE-2021-22884

<1:10.24.0-1.module+el8.3.0+9671+154373c8
  • H
Missing Release of Resource after Effective Lifetime

<1:10.24.0-1.module+el8.3.0+9671+154373c8
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<1:10.23.1-1.module+el8.3.0+9642+87902f83
  • M
Use After Free

<1:12.20.1-1.module+el8.3.0+9643+8c99e187
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<1:14.18.2-2.module+el8.5.0+20489+261d51d3
  • M
HTTP Request Smuggling

<1:10.23.1-1.module+el8.3.0+9642+87902f83
  • M
Arbitrary Argument Injection

<1:12.20.1-1.module+el8.3.0+9643+8c99e187
  • M
CVE-2020-7754

<1:12.20.1-1.module+el8.3.0+9643+8c99e187
  • M
Resource Exhaustion

<1:12.20.1-1.module+el8.3.0+9643+8c99e187
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<1:10.23.1-1.module+el8.3.0+9642+87902f83
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<1:10.23.1-1.module+el8.3.0+9642+87902f83
  • M
Resource Exhaustion

<1:14.15.4-2.module+el8.3.0+9657+a08a905a
  • M
Information Exposure Through Log Files

<1:10.23.1-1.module+el8.3.0+9642+87902f83
  • M
Buffer Overflow

<1:10.23.1-1.module+el8.3.0+9642+87902f83
  • M
HTTP Request Smuggling

<1:12.18.4-2.module+el8.2.0+7806+0b44ae23
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<1:10.23.1-1.module+el8.3.0+9642+87902f83
  • H
Integer Underflow

<1:12.18.2-1.module+el8.2.0+7636+541a18d0
  • H
Improper Enforcement of Message or Data Structure

<1:12.18.2-1.module+el8.2.0+7636+541a18d0
  • H
Improper Certificate Validation

<1:12.18.2-1.module+el8.2.0+7636+541a18d0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<1:12.18.2-1.module+el8.2.0+7636+541a18d0
  • H
Directory Traversal

<1:10.19.0-1.module+el8.1.0+5552+3cab52c0
  • H
Integer Overflow or Wraparound

<1:10.19.0-2.module+el8.1.0+5572+a2a7be63
  • H
HTTP Request Smuggling

<1:12.16.1-1.module+el8.1.0+5548+c572d87b
  • H
Improper Privilege Management

<1:10.19.0-1.module+el8.1.0+5552+3cab52c0
  • H
CVE-2019-15606

<1:12.16.1-1.module+el8.1.0+5548+c572d87b
  • H
Improper Certificate Validation

<1:12.16.1-1.module+el8.1.0+5548+c572d87b
  • H
Symlink Following

<1:10.19.0-1.module+el8.1.0+5552+3cab52c0
  • H
Allocation of Resources Without Limits or Throttling

<1:10.14.1-1.module+el8.0.0+5349+4d6b561f
  • H
Allocation of Resources Without Limits or Throttling

<1:10.14.1-1.module+el8.0.0+5349+4d6b561f
  • H
Allocation of Resources Without Limits or Throttling

<1:10.14.1-1.module+el8.0.0+5349+4d6b561f
  • H
Allocation of Resources Without Limits or Throttling

<1:10.14.1-1.module+el8.0.0+5349+4d6b561f
  • H
Allocation of Resources Without Limits or Throttling

<1:10.14.1-1.module+el8.0.0+5349+4d6b561f
  • H
CVE-2019-9513

<1:10.14.1-1.module+el8.0.0+5349+4d6b561f
  • H
Allocation of Resources Without Limits or Throttling

<1:10.14.1-1.module+el8.0.0+5349+4d6b561f
  • H
Resource Exhaustion

<1:10.14.1-1.module+el8.0.0+5349+4d6b561f