Where
-Infinity
0

Trending

Last week
Last month
Last year

oss-secNodeJS Security leases fixes High, 5 Medium, 2 Low severity issues

First published (updated )
https://seclists.org/oss-sec/2026/q1/379

npm/undiciImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large …

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2447145

npm/undiciThe undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consump…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2447142

npm/undiciUndici allows duplicate HTTP Content-Length headers when they are provided in an array with case-var…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2447144

npm/undiciImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper valida…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2447143
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/undiciThis is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Serv…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2447140

npm/undiciImpactWhen an application passes user-controlled input to the upgrade option of client.request(), an…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2447141

npm/undiciundici is vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation

Risk 43
Severity
7.5
First published (updated )
CVE-2026-2229

npm/undiciundici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client

Risk 43
Severity
7.5
First published (updated )
CVE-2026-1528

npm/undiciundici is vulnerable to CRLF Injection via upgrade option

Risk 30
Severity
4.6
First published (updated )
CVE-2026-1527
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/undiciundici is vulnerable to Unbounded Memory Consumption in in Undici's DeduplicationHandler via Response Buffering leads to DoS

Risk 35
Severity
5.9
First published (updated )
CVE-2026-2581

npm/undiciundici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

Risk 43
Severity
7.5
First published (updated )
CVE-2026-1526

npm/undiciundici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Risk 86
Severity
9.8
First published (updated )
CVE-2026-1525

npm/undiciUndici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Risk 31
Severity
7.5
EPSS
0.02%
First published (updated )
CVE-2026-22036

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203