NodeJS — Vulnerabilities & Security Advisories 111

Browse all 111 CVE security advisories affecting NodeJS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Node.js is a server-side JavaScript runtime environment primarily used for building scalable network applications and APIs. Its event-driven, non-blocking I/O architecture makes it popular for real-time services, yet this design introduces specific security challenges. Historically, the platform has been susceptible to Remote Code Execution (RCE) vulnerabilities, often stemming from prototype pollution or improper input validation in core modules. Cross-Site Scripting (XSS) and server-side request forgery (SSRF) are also frequent issues, particularly when handling untrusted user data or integrating with third-party libraries. With over 111 recorded Common Vulnerabilities and Exposures (CVEs), the ecosystem’s reliance on numerous npm packages amplifies supply chain risks. Notable incidents have included critical flaws in the HTTP parser and DNS resolution mechanisms, highlighting the necessity for rigorous dependency auditing and timely patching to mitigate exploitation of these systemic weaknesses in production environments.

Found 15 results / 111
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-22036 | Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | undici | CWE-770 | 5.9 | Medium | 2026-01-14 |
| CVE-2025-47279 | undici Denial of Service attack via bad certificate data | undici | CWE-401 | 3.1 | Low | 2025-05-15 |
| CVE-2025-22150 | Undici Uses Insufficiently Random Values | undici | CWE-330 | 6.8 | Medium | 2025-01-21 |
| CVE-2024-38372 | Undici vulnerable to data leak when using response.arrayBuffer() | undici | CWE-201 | 2.0 | Low | 2024-07-08 |
| CVE-2024-30260 | Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | undici | CWE-285 | 3.9 | Low | 2024-04-04 |
| CVE-2024-30261 | Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | undici | CWE-284 | 2.6 | Low | 2024-04-04 |
| CVE-2024-24750 | Backpressure request ignored in fetch() in Undici | undici | CWE-400 | 6.5 | Medium | 2024-02-16 |
| CVE-2024-24758 | Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici | undici | CWE-200 | 3.9 | Low | 2024-02-16 |
| CVE-2023-45143 | Undici's cookie header not cleared on cross-origin redirect in fetch | undici | CWE-200 | 3.9 | Low | 2023-10-12 |
| CVE-2023-23936 | CRLF Injection in Nodejs ‘undici’ via host | undici | CWE-93 | 6.5 | Medium | 2023-02-16 |
| CVE-2023-24807 | Undici vulnerable to Regular Expression Denial of Service in Headers | undici | CWE-20 | 7.5 | High | 2023-02-16 |
| CVE-2022-35948 | CRLF Injection in Nodejs ‘undici’ via Content-Type | undici | CWE-93 | 5.3 | Medium | 2022-08-13 |
| CVE-2022-35949 | `undici.request` vulnerable to SSRF using absolute URL on `pathname` | undici | CWE-918 | 5.3 | Medium | 2022-08-12 |
| CVE-2022-31151 | Uncleared cookies on cross-host/cross-origin redirect in undici | undici | CWE-601 | 3.7 | Low | 2022-07-20 |
| CVE-2022-31150 | CRLF injection in request headers | undici | CWE-93 | 5.3 | Medium | 2022-07-19 |

This page lists every published CVE security advisory associated with NodeJS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.