SecAlerts
CVE ListPricingSign Up
nodejs logo

nodejs

Security Risk Profile

46
/100
medium

Security Risk Score

Comprehensive risk assessment based on 187 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from August 13, 2012 to present

187
Total CVEs
128
Critical+High
1
Exploited
23
Unpatched

Threat Assessment

Avg CVSS
7.3
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
23
Critical/High
Risk Level
46/100
medium
⚠️ 1 Active Exploits 1 Zero-Days

Severity Distribution

Critical
24
High
104
Medium
57
Low
2

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
14

Age Distribution

Common Weaknesses (CWE)

1
Input Validation
21
2
Infoleak
15
3
XSS
15
4
Buffer Overflow
14
5
Path Traversal
10

Most Affected Products

1. Nodejs Node.js1120
2. OpenSSL OpenSSL380
3. Google Chrome179
4. Nodejs Nodejs114
5. redhat/nodejs111

Recent Vulnerabilities

See more →
CVE-2026-2229
CVSS 7.5high

undici is vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation

3/12/2026
CVE-2026-1528
CVSS 7.5high

undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client

3/12/2026
CVE-2026-1527
CVSS 4.6medium

undici is vulnerable to CRLF Injection via upgrade option

3/12/2026
CVE-2026-2581
CVSS 5.9medium

undici is vulnerable to Unbounded Memory Consumption in in Undici's DeduplicationHandler via Response Buffering leads to DoS

3/12/2026
CVE-2026-1526
CVSS 7.5high

undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

3/12/2026
CVE-2026-1525
CVSS 9.8critical

undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

3/12/2026
CVE-2026-21636
CVSS 10.0EPSS 0%critical
1/20/2026🔧 No Patch
CVE-2026-21637
CVSS 7.5EPSS 0%high
1/20/2026
CVE-2025-59466
CVSS 7.5high
1/20/2026🔧 No Patch
CVE-2025-59464
CVSS 7.5high
1/20/2026🔧 No Patch

Monitor nodejs in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

nodejs Security Vulnerabilities & Risk Score | 187 CVEs | SecAlerts - SecAlerts