NodeJS — Vulnerabilities & Security Advisories 123

Browse all 123 CVE security advisories affecting NodeJS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Node.js is a server-side JavaScript runtime environment primarily used for building scalable network applications and APIs. Its event-driven, non-blocking I/O architecture makes it popular for real-time services, yet this design introduces specific security challenges. Historically, the platform has been susceptible to Remote Code Execution (RCE) vulnerabilities, often stemming from prototype pollution or improper input validation in core modules. Cross-Site Scripting (XSS) and server-side request forgery (SSRF) are also frequent issues, particularly when handling untrusted user data or integrating with third-party libraries. With over 111 recorded Common Vulnerabilities and Exposures (CVEs), the ecosystem’s reliance on numerous npm packages amplifies supply chain risks. Notable incidents have included critical flaws in the HTTP parser and DNS resolution mechanisms, highlighting the necessity for rigorous dependency auditing and timely patching to mitigate exploitation of these systemic weaknesses in production environments.

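Top products by NodeJS: Node, undici

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-48936 | Node.js 26 Permission API bypass vulnerability | node | CWE-284 | - | - | 2026-06-26 |
| CVE-2026-48930 | Node.js TLS handling vulnerability, affecting v22/v24/v26 | node | CWE-284 | - | - | 2026-06-26 |
| CVE-2026-48928 | Node.js 22/24/26 multi-context mTLS trust bypass vulnerability | node | CWE-284 | - | - | 2026-06-26 |
| CVE-2026-48615 | Node.js 22/24/26 credential disclosure vulnerability | node | CWE-359 | - | - | 2026-06-26 |
| CVE-2026-48934 | Node.js TLS certificate verification bypass vulnerability | node | - | - | - | 2026-06-26 |
| CVE-2026-48619 | Node.js HTTP/2 client OOM vulnerability | node | CWE-400 | - | - | 2026-06-26 |
| CVE-2026-48935 | Node.js 22/24/26 Permission API writable file metadata vulnerability | node | CWE-276 | - | - | 2026-06-26 |
| CVE-2026-48618 | Node.js 22/24/26 TLS authentication bypass vulnerability | node | CWE-176 | - | - | 2026-06-26 |
| CVE-2026-48933 | Node.js 22/24/26 WebCrypto denial-of-service vulnerability | node | CWE-190 | - | - | 2026-06-26 |
| CVE-2026-48931 | Node.js 22/24/26 HTTP Agent vulnerability | node | CWE-367 | - | - | 2026-06-22 |
| CVE-2026-48937 | Node.js 22/24 HTTP/2 server continues receiving data after GoAway frame vulnerability | node | CWE-400 | - | - | 2026-06-18 |
| CVE-2026-48617 | Node.js 22/24/26 permission bypass vulnerability | node | CWE-284 | - | - | 2026-06-18 |
| CVE-2026-21716 | Node.js security vulnerability | node | - | 8.8 (AI) | High (AI) | 2026-03-30 |
| CVE-2026-21710 | Node.js security vulnerability | node | - | 7.5 (AI) | High (AI) | 2026-03-30 |
| CVE-2026-21715 | Node.js security vulnerability | node | - | 6.5 (AI) | Medium (AI) | 2026-03-30 |
| CVE-2026-21711 | Node.js security vulnerability | node | - | 9.9 (AI) | Critical (AI) | 2026-03-30 |
| CVE-2026-21713 | Node.js security vulnerability | node | - | 3.7 (AI) | Low (AI) | 2026-03-30 |
| CVE-2026-21717 | Node.js security vulnerability | node | - | 5.3 (AI) | Medium (AI) | 2026-03-30 |
| CVE-2026-21714 | Node.js security vulnerability | node | - | 7.5 (AI) | High (AI) | 2026-03-30 |
| CVE-2026-21712 | Node.js security vulnerability | node | - | 7.5 (AI) | High (AI) | 2026-03-30 |
| CVE-2025-55131 | Node.js security vulnerability | node | - | 7.4 (AI) | High (AI) | 2026-01-20 |
| CVE-2025-55132 | Node.js security vulnerability | node | - | 4.3 | - | 2026-01-20 |
| CVE-2025-59466 | Node.js security vulnerability | node | - | 7.5 | - | 2026-01-20 |
| CVE-2025-59464 | Node.js security vulnerability | node | - | 7.5 | - | 2026-01-20 |
| CVE-2026-21636 | Node.js security vulnerability | node | - | 8.4 | - | 2026-01-20 |
| CVE-2025-55130 | Node.js security vulnerability | node | - | 9.8 (AI) | Critical (AI) | 2026-01-20 |
| CVE-2025-59465 | Node.js security vulnerability | node | - | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2026-21637 | Node.js security vulnerability | node | - | 7.5 | - | 2026-01-20 |
| CVE-2026-22036 | Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | undici | CWE-770 | 5.9 | Medium | 2026-01-14 |
| CVE-2025-27210 | Node.js path traversal vulnerability | node | - | 9.1 (AI) | Critical (AI) | 2025-07-18 |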

This page lists every published CVE security advisory associated with NodeJS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.