Vulnerabilities > Nodejs > Node JS > 16.20.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-23 | CVE-2023-30581 | Unspecified vulnerability in Nodejs Node.Js The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. | 7.5 |
| 2023-08-24 | CVE-2023-32559 | Unspecified vulnerability in Nodejs Node.Js A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. | 7.5 |
| 2023-08-15 | CVE-2023-32006 | The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | 8.8 |