6.16.0

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-28	CVE-2019-5739	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. network low complexity nodejs opensuse CWE-770	5.0
2019-03-28	CVE-2019-5737	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. network low complexity nodejs opensuse CWE-770	7.5
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9