NodeJS — Vulnerabilities & Security Advisories 111

Browse all 111 CVE security advisories affecting NodeJS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Node.js is a server-side JavaScript runtime environment primarily used for building scalable network applications and APIs. Its event-driven, non-blocking I/O architecture makes it popular for real-time services, yet this design introduces specific security challenges. Historically, the platform has been susceptible to Remote Code Execution (RCE) vulnerabilities, often stemming from prototype pollution or improper input validation in core modules. Cross-Site Scripting (XSS) and server-side request forgery (SSRF) are also frequent issues, particularly when handling untrusted user data or integrating with third-party libraries. With over 111 recorded Common Vulnerabilities and Exposures (CVEs), the ecosystem’s reliance on numerous npm packages amplifies supply chain risks. Notable incidents have included critical flaws in the HTTP parser and DNS resolution mechanisms, highlighting the necessity for rigorous dependency auditing and timely patching to mitigate exploitation of these systemic weaknesses in production environments.

Top products by NodeJS: Node, undici
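| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-21711 | Node.js security vulnerability — node | 9.9 (AI) | Critical (AI) | 2026-03-30 |
| CVE-2026-21715 | Node.js security vulnerability — node | 6.5 (AI) | Medium (AI) | 2026-03-30 |
| CVE-2026-21716 | Node.js security vulnerability — node | 8.8 (AI) | High (AI) | 2026-03-30 |
| CVE-2026-21710 | Node.js security vulnerability — node | 7.5 (AI) | High (AI) | 2026-03-30 |
| CVE-2026-21713 | Node.js security vulnerability — node | 3.7 (AI) | Low (AI) | 2026-03-30 |
| CVE-2026-21717 | Node.js security vulnerability — node | 5.3 (AI) | Medium (AI) | 2026-03-30 |
| CVE-2026-21714 | Node.js security vulnerability — node | 7.5 (AI) | High (AI) | 2026-03-30 |
| CVE-2026-21712 | Node.js security vulnerability — node | 7.5 (AI) | High (AI) | 2026-03-30 |
| CVE-2025-55131 | Node.js security vulnerability — node | 7.4 (AI) | High (AI) | 2026-01-20 |
| CVE-2025-55132 | Node.js security vulnerability — node | 4.3 | - | 2026-01-20 |
| CVE-2025-59466 | Node.js security vulnerability — node | 7.5 | - | 2026-01-20 |
| CVE-2025-59464 | Node.js security vulnerability — node | 7.5 | - | 2026-01-20 |
| CVE-2026-21636 | Node.js security vulnerability — node | 8.4 | - | 2026-01-20 |
| CVE-2025-55130 | Node.js security vulnerability — node | 9.8 (AI) | Critical (AI) | 2026-01-20 |
| CVE-2025-59465 | Node.js security vulnerability — node | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2026-21637 | Node.js security vulnerability — node | 7.5 | - | 2026-01-20 |
| CVE-2026-22036 | Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion — undici (CWE-770) | 5.9 | Medium | 2026-01-14 |
| CVE-2025-27209 | Node.js security vulnerability — node | 5.9 | - | 2025-07-18 |
| CVE-2025-27210 | Node.js path traversal vulnerability — node | 9.1 (AI) | Critical (AI) | 2025-07-18 |
| CVE-2025-23165 | Node.js security vulnerability — node | 7.5 | - | 2025-05-19 |
| CVE-2025-23167 | Node.js security vulnerability — node | 7.5 | - | 2025-05-19 |
| CVE-2025-23166 | Node.js security vulnerability — node | 7.5 | - | 2025-05-19 |
| CVE-2025-47279 | undici Denial of Service attack via bad certificate data — undici (CWE-401) | 3.1 | Low | 2025-05-15 |
| CVE-2025-23085 | Node.js security vulnerability — Node | 7.5 | - | 2025-02-07 |
| CVE-2025-23084 | Node.js security vulnerability — Node | 9.1 | - | 2025-01-28 |
| CVE-2025-23083 | Node.js security vulnerability — Node | 9.8 | - | 2025-01-22 |
| CVE-2025-22150 | Undici Uses Insufficiently Random Values — undici (CWE-330) | 6.8 | Medium | 2025-01-21 |
| CVE-2024-27980 | Node.js security vulnerability — Node | 8.8 | - | 2025-01-09 |
| CVE-2024-37372 | Node.js security vulnerability — Node | 9.8 | - | 2025-01-09 |
| CVE-2023-46809 | Node.js security vulnerability — Node | 7.5 | - | 2024-09-07 |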

This page lists every published CVE security advisory associated with NodeJS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.