Node.js
CVEs (107)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15604 | 0.00 | — | 0.04 | Feb 7, 2020 | Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | ||
| CVE-2015-5380 | 0.00 | — | 0.01 | Jul 9, 2015 | The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence. | ||
| CVE-2015-0278 | 0.00 | — | 0.02 | May 18, 2015 | libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. | ||
| CVE-2014-7191 | 0.00 | — | 0.01 | Oct 19, 2014 | The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array. | ||
| CVE-2014-5256 | 0.00 | — | 0.01 | Sep 5, 2014 | Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack. | ||
| CVE-2013-2882 | 0.00 | — | 0.02 | Jul 31, 2013 | Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | ||
| CVE-2012-2330 | 0.00 | — | 0.01 | Aug 13, 2012 | The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string. |