Vulnerabilities in NodeJS
114 results

CVE-2026-48937 | MEDIUM | A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame. This vulnerability affects | EPSS 0.4%
CVE-2024-36137 | LOW | A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. | EPSS 0.4%
CVE-2026-21713 | MEDIUM | A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing | EPSS 0.4%
CVE-2023-30584 | HIGH | A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to impro | EPSS 0.4%
CVE-2026-21712 | MEDIUM | A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized | EPSS 0.3%
CVE-2026-21717 | MEDIUM | A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially pr | EPSS 0.3%
CVE-2026-48931 | LOW | A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is sent before the client has sent the request. This v | EPSS 0.3%
CVE-2025-47279 | LOW | undici Denial of Service attack via bad certificate data | EPSS 0.3%
CVE-2025-59464 | MEDIUM | A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buff | EPSS 0.2%
CVE-2025-55132 | LOW | A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process | EPSS 0.2%
CVE-2026-48617 | LOW | A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confide | EPSS 0.2%
CVE-2026-21716 | LOW | An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permissio | EPSS 0.2%
CVE-2026-21715 | LOW | A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, whi | EPSS 0.2%
CVE-2026-21711 | MEDIUM | A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission che | EPSS 0.1%