High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-19	CVE-2020-8277	Resource Exhaustion vulnerability in multiple products A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. network low complexity nodejs fedoraproject oracle c-ares-project CWE-400	7.5
2020-09-18	CVE-2020-8252	Classic Buffer Overflow vulnerability in multiple products The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. local low complexity nodejs opensuse fedoraproject CWE-120	7.8
2020-09-18	CVE-2020-8251	Resource Exhaustion vulnerability in multiple products Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. network low complexity nodejs fedoraproject CWE-400	7.5
2020-09-18	CVE-2020-8201	HTTP Request Smuggling vulnerability in multiple products Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. network high complexity nodejs opensuse fedoraproject CWE-444	7.4
2020-07-24	CVE-2020-8174	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. network high complexity nodejs oracle netapp CWE-191	8.1
2020-06-08	CVE-2020-8172	Improper Certificate Validation vulnerability in multiple products TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. network high complexity nodejs oracle CWE-295	7.4
2020-06-03	CVE-2020-11080	Improper Enforcement of Message or Data Structure vulnerability in multiple products In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. network low complexity nghttp2 debian opensuse fedoraproject oracle nodejs CWE-707	7.5
2020-03-12	CVE-2020-10531	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. network low complexity icu-project redhat google fedoraproject debian canonical opensuse oracle nodejs CWE-190	8.8
2020-02-11	CVE-2014-9748	Race Condition vulnerability in multiple products The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition. network high complexity libuv nodejs CWE-362	8.1
2020-02-07	CVE-2019-15604	Improper Certificate Validation vulnerability in multiple products Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate network low complexity nodejs debian opensuse redhat oracle CWE-295	7.5