Vulnerabilities (CVE)

Filtered by vendor Nodejs Subscribe
Filtered by product Node.js
Total 72 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2086 2 Fedoraproject, Nodejs 2 Fedora, Node.js 2017-07-01 5.0 MEDIUM 7.5 HIGH
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
CVE-2014-9772 1 Nodejs 1 Node.js 2017-03-29 4.3 MEDIUM 6.1 MEDIUM
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
CVE-2015-8315 1 Nodejs 1 Node.js 2017-03-02 7.8 HIGH 7.5 HIGH
The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
CVE-2015-8856 1 Nodejs 1 Node.js 2017-03-02 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.
CVE-2015-8859 1 Nodejs 1 Node.js 2017-03-02 5.0 MEDIUM 5.3 MEDIUM
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.
CVE-2015-8855 1 Nodejs 1 Node.js 2017-01-26 7.8 HIGH 7.5 HIGH
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
CVE-2015-8860 1 Nodejs 1 Node.js 2017-01-24 5.0 MEDIUM 7.5 HIGH
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2013-7454 1 Nodejs 1 Node.js 2017-01-24 4.3 MEDIUM 6.1 MEDIUM
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
CVE-2013-7453 1 Nodejs 1 Node.js 2017-01-24 4.3 MEDIUM 6.1 MEDIUM
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
CVE-2013-7452 1 Nodejs 1 Node.js 2017-01-24 4.3 MEDIUM 6.1 MEDIUM
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
CVE-2013-7451 1 Nodejs 1 Node.js 2017-01-24 4.3 MEDIUM 6.1 MEDIUM
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
CVE-2015-5380 3 Google, Iojs, Nodejs 3 V8, Io.js, Node.js 2016-11-28 7.5 HIGH N/A
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.