Vulnerabilities > Nodejs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-07 | CVE-2021-22930 | Use After Free vulnerability in Nodejs Node.Js Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | 7.5 |
| 2021-08-16 | CVE-2021-22931 | Improper Input Validation vulnerability in Nodejs Node.Js Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. | 7.5 |
| 2021-08-16 | CVE-2021-22939 | Improper Certificate Validation vulnerability in Nodejs Node.Js If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. | 5.0 |
| 2021-08-16 | CVE-2021-22940 | Use After Free vulnerability in Nodejs Node.Js Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | 5.0 |
| 2021-07-12 | CVE-2021-22918 | Out-of-bounds Read vulnerability in Nodejs Node.Js Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. | 5.0 |
| 2021-07-12 | CVE-2021-22921 | Incorrect Permission Assignment for Critical Resource vulnerability in Nodejs Node.Js Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. | 4.4 |
| 2021-03-03 | CVE-2021-22884 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. | 5.1 |
| 2021-03-03 | CVE-2021-22883 | Resource Exhaustion vulnerability in multiple products Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. | 7.8 |
| 2021-01-06 | CVE-2020-8287 | HTTP Request Smuggling vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). | 6.4 |
| 2021-01-06 | CVE-2020-8265 | Use After Free vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. | 6.8 |