Vulnerabilities > Nodejs > Node JS > 19.5.0

DATE CVE VULNERABILITY TITLE RISK
2023-02-23 CVE-2023-23918 Incorrect Authorization vulnerability in Nodejs Node.Js
A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require().
network
low complexity
nodejs CWE-863
7.5
7.5
2023-02-23 CVE-2023-23920 Untrusted Search Path vulnerability in multiple products
An untrusted search path vulnerability exists in Node.js.
local
low complexity
nodejs debian CWE-426
4.2
4.2
2023-02-16 CVE-2023-23936 Injection vulnerability in Nodejs Undici
Undici is an HTTP/1.1 client for Node.js.
network
low complexity
nodejs CWE-74
5.4
5.4