NodeJS — Vulnerabilities & Security Advisories 111

Browse all 111 CVE security advisories affecting NodeJS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Node.js is a server-side JavaScript runtime environment primarily used for building scalable network applications and APIs. Its event-driven, non-blocking I/O architecture makes it popular for real-time services, yet this design introduces specific security challenges. Historically, the platform has been susceptible to Remote Code Execution (RCE) vulnerabilities, often stemming from prototype pollution or improper input validation in core modules. Cross-Site Scripting (XSS) and server-side request forgery (SSRF) are also frequent issues, particularly when handling untrusted user data or integrating with third-party libraries. With over 111 recorded Common Vulnerabilities and Exposures (CVEs), the ecosystem’s reliance on numerous npm packages amplifies supply chain risks. Notable incidents have included critical flaws in the HTTP parser and DNS resolution mechanisms, highlighting the necessity for rigorous dependency auditing and timely patching to mitigate exploitation of these systemic weaknesses in production environments.

Top products by NodeJS: Node, undici
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-45143 | Undici's cookie header not cleared on cross-origin redirect in fetch | undici | CWE-200 | 3.9 | Low | 2023-10-12 |
| CVE-2023-32558 | Node.js path traversal vulnerability | Node | | 7.5 | - | 2023-09-12 |
| CVE-2023-32005 | Node.js security vulnerability | Node | | 5.3 | - | 2023-09-12 |
| CVE-2023-32559 | Node.js security vulnerability | Node | | 9.8 | - | 2023-08-24 |
| CVE-2023-32002 | Node.js security vulnerability | Node | | 9.8 | - | 2023-08-21 |
| CVE-2023-32003 | Node.js path traversal vulnerability | Node | | 7.5 | - | 2023-08-15 |
| CVE-2023-32004 | Node.js path traversal vulnerability | Node | | 6.5 | - | 2023-08-15 |
| CVE-2023-32006 | Node.js security vulnerability | Node | | 9.4 | - | 2023-08-15 |
| CVE-2023-30586 | Node.js security vulnerability | Node | | 9.8 | - | 2023-06-30 |
| CVE-2023-30589 | nodejs security vulnerability | Node | | 6.5 | - | 2023-06-30 |
| CVE-2023-23918 | Node.js security vulnerability | Node | | 7.5 | - | 2023-02-23 |
| CVE-2023-23919 | Node.js security vulnerability | Node | CWE-310 | 7.5 | - | 2023-02-23 |
| CVE-2023-23920 | Node.js code issue vulnerability | Node | CWE-426 | 5.8 | - | 2023-02-23 |
| CVE-2023-23936 | CRLF Injection in Nodejs ‘undici’ via host | undici | CWE-93 | 6.5 | Medium | 2023-02-16 |
| CVE-2023-24807 | Undici vulnerable to Regular Expression Denial of Service in Headers | undici | CWE-20 | 7.5 | High | 2023-02-16 |
| CVE-2022-43548 | Node.js OS command injection vulnerability | Node | CWE-78 | 8.1 | - | 2022-12-05 |
| CVE-2022-35255 | Node.js security feature issue vulnerability | Node | CWE-338 | 9.1 | - | 2022-12-05 |
| CVE-2022-35256 | Node.js environment issue vulnerability | Node | CWE-444 | 6.5 | - | 2022-12-05 |
| CVE-2022-35948 | CRLF Injection in Nodejs ‘undici’ via Content-Type | undici | CWE-93 | 5.3 | Medium | 2022-08-13 |
| CVE-2022-35949 | `undici.request` vulnerable to SSRF using absolute URL on `pathname` | undici | CWE-918 | 5.3 | Medium | 2022-08-12 |
| CVE-2022-31151 | Uncleared cookies on cross-host/cross-origin redirect in undici | undici | CWE-601 | 3.7 | Low | 2022-07-20 |
| CVE-2022-31150 | CRLF injection in request headers | undici | CWE-93 | 5.3 | Medium | 2022-07-19 |
| CVE-2022-32223 | Node.js code issue vulnerability | Node | CWE-427 | 7.8 | - | 2022-07-14 |
| CVE-2022-32212 | Node.js OS command injection vulnerability | Node | CWE-284 | 8.1 | - | 2022-07-14 |
| CVE-2022-32213 | Node.js environment issue vulnerability | Node | CWE-444 | 6.5 | - | 2022-07-14 |
| CVE-2022-32214 | IBM Answer Retrieval for Watson Discovery On Prem environment issue vulnerability | Node | CWE-444 | 6.5 | - | 2022-07-14 |
| CVE-2022-32215 | Node.js environment issue vulnerability | Node | CWE-444 | 6.5 | - | 2022-07-14 |
| CVE-2022-32222 | Node.js code issue vulnerability | Node | CWE-310 | 8.2 | - | 2022-07-14 |
| CVE-2021-44533 | nodejs trust management issue vulnerability | Node | CWE-295 | 7.5 | - | 2022-02-24 |
| CVE-2021-44532 | nodejs trust management issue vulnerability | Node | CWE-296 | 5.3 | - | 2022-02-24 |

This page lists every published CVE security advisory associated with NodeJS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.