nodejs Cyber Security Vulnerability Stats and Metrics

Memory Leak Vulnerability in Node.js Affecting Multiple Versions

CVE-2025-23122

NodejsNode3.7LOW

Memory Leak Vulnerability in Node.js Affects Version 20 and 22

CVE-2025-23165

NodejsNode3.7LOW

Node.js Software Vulnerability Allowing Remote Crash via User Inputs

CVE-2025-23166

NodejsNode7.5HIGH

HTTP Parser Flaw in Node.js 20 Allows Request Smuggling

CVE-2025-23167

NodejsNode6.5MEDIUM

Memory Leak Vulnerability in Undici HTTP Client for Node.js

CVE-2025-47279

NodejsUndici3.1LOW

Memory Leak in HTTP/2 Server on Node.js Affects Multiple Versions

CVE-2025-23085

NodejsNode5.3MEDIUM

Node.js Vulnerability Impacting Windows Drive Name Handling

CVE-2025-23084

NodejsNode

Node.js Worker Thread Vulnerability in Diagnostics Channel Utility

CVE-2025-23083

NodejsNode7.7HIGH

HTTP Client Vulnerability in Undici Affecting Node.js Applications

CVE-2025-22150

NodejsUndici6.8MEDIUM

Path Traversal Vulnerability in Open-Source Software Affecting Various Applications

CVE-2024-37372

NodejsNode

Arbitrary Code Execution through Improper Handling of Batch Files

CVE-2024-36138

NodejsNode📰8.1HIGH

Maliciously crafted WebAssembly module can inject JavaScript code, potentially exposing sensitive data

CVE-2023-39333

NodejsNode5.3MEDIUM

Vulnerability Identified in Node.js Experimental Permission Model

CVE-2024-36137

NodejsNode3.3LOW

Experimental Permission Model Vulnerability in Node.js version 20

CVE-2023-30582

NodejsNode5.3MEDIUM

Node.js version 20 vulnerability allows bypassing restrictions through inspector module

CVE-2023-30587

NodejsNode7.5HIGH

fs.openAsBlob() Vulnerability Allows Bypass of Experimental Permission Model in Node.js 20

CVE-2023-30583

NodejsNode7.5HIGH

Node.js Version 20 Vulnerability Affects Experimental Permission Model

CVE-2023-30584

NodejsNode7.7HIGH

Patched Memory Leak in Undici HTTP/1.1 Client

CVE-2024-38372

NodejsUndici2LOW

Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

CVE-2024-30260

NodejsUndici4.3MEDIUM

Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

CVE-2024-30261

NodejsUndici2.6LOW

Memory Leak in Undici HTTP/1.1 Client Affects Users, Upgrade to 6.6.1 Advised

CVE-2024-24750

NodejsUndici6.5MEDIUM

Undici Patches Authentication Header Vulnerability

CVE-2024-24758

NodejsUndici3.9LOW

Denial of Service Vulnerability in Node.js by Invalid x509 Certificate Handling

CVE-2023-30588

NodejsNode5.3MEDIUM

Diffie-Hellman Key Generation Issue in Node.js

CVE-2023-30590

NodejsNode7.5HIGH

Node.js Vulnerability in Windows Installer for Node.js by OpenJS Foundation

CVE-2023-30585

NodejsNode7.5HIGH

nodejs Summary

Vulnerability Published:

Sort By:

19 May 2025

Memory Leak Vulnerability in Node.js Affecting Multiple Versions

Memory Leak Vulnerability in Node.js Affects Version 20 and 22

Node.js Software Vulnerability Allowing Remote Crash via User Inputs

HTTP Parser Flaw in Node.js 20 Allows Request Smuggling

15 May 2025

Memory Leak Vulnerability in Undici HTTP Client for Node.js

7 February 2025

Memory Leak in HTTP/2 Server on Node.js Affects Multiple Versions

28 January 2025

Node.js Vulnerability Impacting Windows Drive Name Handling

22 January 2025

Node.js Worker Thread Vulnerability in Diagnostics Channel Utility

21 January 2025

HTTP Client Vulnerability in Undici Affecting Node.js Applications

9 January 2025

Path Traversal Vulnerability in Open-Source Software Affecting Various Applications

7 September 2024

Arbitrary Code Execution through Improper Handling of Batch Files

Maliciously crafted WebAssembly module can inject JavaScript code, potentially exposing sensitive data

Vulnerability Identified in Node.js Experimental Permission Model

Experimental Permission Model Vulnerability in Node.js version 20

Node.js version 20 vulnerability allows bypassing restrictions through inspector module

fs.openAsBlob() Vulnerability Allows Bypass of Experimental Permission Model in Node.js 20

Node.js Version 20 Vulnerability Affects Experimental Permission Model

8 July 2024

Patched Memory Leak in Undici HTTP/1.1 Client

4 April 2024

Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

16 February 2024

Memory Leak in Undici HTTP/1.1 Client Affects Users, Upgrade to 6.6.1 Advised

Undici Patches Authentication Header Vulnerability

28 November 2023

Denial of Service Vulnerability in Node.js by Invalid x509 Certificate Handling

Diffie-Hellman Key Generation Issue in Node.js

Node.js Vulnerability in Windows Installer for Node.js by OpenJS Foundation