NodeJS — Vulnerabilities & Security Advisories 111

Browse all 111 CVE security advisories affecting NodeJS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Node.js is a server-side JavaScript runtime environment primarily used for building scalable network applications and APIs. Its event-driven, non-blocking I/O architecture makes it popular for real-time services, yet this design introduces specific security challenges. Historically, the platform has been susceptible to Remote Code Execution (RCE) vulnerabilities, often stemming from prototype pollution or improper input validation in core modules. Cross-Site Scripting (XSS) and server-side request forgery (SSRF) are also frequent issues, particularly when handling untrusted user data or integrating with third-party libraries. With over 111 recorded Common Vulnerabilities and Exposures (CVEs), the ecosystem’s reliance on numerous npm packages amplifies supply chain risks. Notable incidents have included critical flaws in the HTTP parser and DNS resolution mechanisms, highlighting the necessity for rigorous dependency auditing and timely patching to mitigate exploitation of these systemic weaknesses in production environments.

Top products by NodeJS: Node, undici
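| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-36138 | Node.js security vulnerability | Node | | 7.8 (AI) | High (AI) | 2024-09-07 |
| CVE-2024-36137 | Node.js security vulnerability | Node | | 7.5 (AI) | High (AI) | 2024-09-07 |
| CVE-2023-39333 | Node.js security vulnerability | Node | | 7.1 | - | 2024-09-07 |
| CVE-2023-30582 | Node.js security vulnerability | Node | | 7.5 (AI) | High (AI) | 2024-09-07 |
| CVE-2023-30583 | Node.js security vulnerability | Node | | 7.5 (AI) | High (AI) | 2024-09-07 |
| CVE-2023-30584 | Node.js security vulnerability | Node | | 8.1 (AI) | High (AI) | 2024-09-07 |
| CVE-2023-30587 | Node.js security vulnerability | Node | | 7.5 (AI) | High (AI) | 2024-09-07 |
| CVE-2024-22018 | Node.js security vulnerability | Node | | 5.3 | - | 2024-07-10 |
| CVE-2024-22020 | Node.js security vulnerability | Node | | 8.8 | - | 2024-07-09 |
| CVE-2024-38372 | Undici vulnerable to data leak when using response.arrayBuffer() | undici | CWE-201 | 2.0 | Low | 2024-07-08 |
| CVE-2024-27982 | Node.js security vulnerability | Node | | 8.2 (AI) | High (AI) | 2024-05-07 |
| CVE-2024-27983 | Node.js security vulnerability | Node | | 5.9 (AI) | Medium (AI) | 2024-04-09 |
| CVE-2024-30260 | Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | undici | CWE-285 | 3.9 | Low | 2024-04-04 |
| CVE-2024-30261 | Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | undici | CWE-284 | 2.6 | Low | 2024-04-04 |
| CVE-2024-22017 | Node.js security vulnerability | Node | | 8.8 (AI) | High (AI) | 2024-03-19 |
| CVE-2024-22025 | Node.js security vulnerability | Node | | 7.5 (AI) | High (AI) | 2024-03-19 |
| CVE-2024-21890 | Node.js security vulnerability | Node | | 9.1 (AI) | Critical (AI) | 2024-02-20 |
| CVE-2024-21891 | Node.js security vulnerability | Node | | 8.1 (AI) | High (AI) | 2024-02-20 |
| CVE-2024-21892 | Node.js security vulnerability | Node | | 8.3 | - | 2024-02-20 |
| CVE-2024-21896 | Node.js security vulnerability | Node | | 9.1 (AI) | Critical (AI) | 2024-02-20 |
| CVE-2024-22019 | Node.js security vulnerability | Node | | 7.5 | - | 2024-02-20 |
| CVE-2024-24750 | Backpressure request ignored in fetch() in Undici | undici | CWE-400 | 6.5 | Medium | 2024-02-16 |
| CVE-2024-24758 | Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici | undici | CWE-200 | 3.9 | Low | 2024-02-16 |
| CVE-2023-30588 | nodejs security vulnerability | Node | | 7.5 | - | 2023-11-28 |
| CVE-2023-30590 | nodejs security vulnerability | Node | | 7.5 | - | 2023-11-28 |
| CVE-2023-30585 | nodejs security vulnerability | Node | | 5.5 | - | 2023-11-28 |
| CVE-2023-30581 | Node.js security vulnerability | Node | | 9.4 | - | 2023-11-22 |
| CVE-2023-39331 | Node.js path traversal vulnerability | Node | | 7.5 | - | 2023-10-18 |
| CVE-2023-39332 | Node.js path traversal vulnerability | Node | | 9.1 | - | 2023-10-18 |
| CVE-2023-38552 | Node.js data forgery vulnerability | Node | | 9.1 | - | 2023-10-18 |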

This page lists every published CVE security advisory associated with NodeJS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.