Node.js exposure
Category: Programming languages
Exposure score: 96
Sites using it: 532,066
Under exploitation: 0
Critical: 4

CVEs
127 results

| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2021-32050 | MEDIUM | Some MongoDB Drivers may publish events containing authentication-related data to a command listener configured by an application | 0.5% |
| CVE-2025-55130 | HIGH | A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relativ | 0.5% |
| CVE-2025-23165 | LOW | In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated | 0.5% |
| CVE-2025-24876 | HIGH | Authentication bypass via authorization code injection in SAP Approuter | 0.5% |
| CVE-2023-23920 | MEDIUM | An untrusted search path vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search a | 0.5% |
| CVE-2025-23167 | MEDIUM | A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This in | 0.5% |
| CVE-2024-22018 | LOW | A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. | 0.5% |
| CVE-2026-21714 | MEDIUM | A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow c | 0.5% |
| CVE-2024-37372 | LOW | The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not alw | 0.4% |
| CVE-2025-23083 | HIGH | With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only t | 0.4% |
| CVE-2021-40828 | MEDIUM | TLS hostname validation issues within AWS IoT Device SDKs on Windows | 0.4% |
| CVE-2026-48937 | MEDIUM | A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame. This vulnerability affects | 0.4% |
| CVE-2024-36137 | LOW | A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. | 0.4% |
| CVE-2026-21713 | MEDIUM | A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing | 0.4% |
| CVE-2023-30584 | HIGH | A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to impro | 0.4% |
| CVE-2021-40830 | MEDIUM | Inconsistent CA override function behavior within AWS IoT Device SDKs on Unix systems | 0.4% |
| CVE-2021-40829 | MEDIUM | TLS hostname validation issues within AWS IoT Device SDKs on macOS | 0.4% |
| CVE-2026-21712 | MEDIUM | A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized | 0.3% |
| CVE-2026-21717 | MEDIUM | A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially pr | 0.3% |
| CVE-2026-48931 | LOW | A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is sent before the client has sent the request. This v | 0.3% |