Browse all 5 CVE security advisories affecting Node.js. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Node.js serves as a JavaScript runtime environment for building scalable network applications and server-side solutions. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insecure deserialization, path traversal, and input validation flaws. While the current CVE count remains manageable at five, past incidents like the 2017 event where a malicious package compromised thousands of projects highlight supply chain risks. Its asynchronous nature and extensive npm ecosystem introduce unique security considerations, requiring developers to implement proper input sanitization and dependency vetting to mitigate potential attack vectors.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-3566 | Command injection vulnerability in programing languages on Microsoft Windows operating system. — Node.js | 9.8AI | CriticalAI | 2024-04-10 |
| CVE-2019-5739 | Joyent Node.js 资源管理错误漏洞 — Node.jsCWE-400 | 7.5 | - | 2019-03-28 |
| CVE-2019-5737 | Joyent Node.js 资源管理错误漏洞 — Node.jsCWE-400 | 5.9 | - | 2019-03-28 |
| CVE-2018-1002203 | unzipper npm library 路径遍历漏洞 — unzipperCWE-22 | 5.5 | - | 2018-07-25 |
| CVE-2018-1002204 | adm-zip npm library 路径遍历漏洞 — adm-zipCWE-22 | 5.5 | - | 2018-07-25 |
This page lists every published CVE security advisory associated with Node.js. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.