Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how nodejs compares to other vendors in security performance

View Risk Score →

npm/undiciundici is vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation

Risk 43
Severity
7.5
First published (updated )
CVE-2026-2229

npm/undiciundici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client

Risk 43
Severity
7.5
First published (updated )
CVE-2026-1528

npm/undiciundici is vulnerable to CRLF Injection via upgrade option

Risk 30
Severity
4.6
First published (updated )
CVE-2026-1527

npm/undiciundici is vulnerable to Unbounded Memory Consumption in in Undici's DeduplicationHandler via Response Buffering leads to DoS

Risk 35
Severity
5.9
First published (updated )
CVE-2026-2581

npm/undiciundici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

Risk 43
Severity
7.5
First published (updated )
CVE-2026-1526
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/undiciundici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Risk 86
Severity
9.8
First published (updated )
CVE-2026-1525

npm/nodeA flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network r…

Risk 63
Severity
10
EPSS
0.02%
First published (updated )
CVE-2026-21636

Nodejs Node.jsHackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers

Risk 32
Severity
7.5
EPSS
0.03%
First published (updated )
CVE-2026-21637

Nodejs Node.jsWe have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors b…

Risk 46
Severity
7.5
First published (updated )
CVE-2025-59466

Node.js Node.jsA memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to …

Risk 45
Severity
7.5
First published (updated )
CVE-2025-59464
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Nodejs Node.jsA flaw in Node.js's permission model allows a file's access and modification timestamps to be change…

Risk 28
Severity
5.3
First published (updated )
CVE-2025-55132

npm/undiciUndici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Risk 31
Severity
7.5
EPSS
0.02%
First published (updated )
CVE-2026-22036

Nodejs Node.jsNodeJS Security leases (CVE-2025-55131, CVE-2025-55130, CVE-2025-59465, and others)

Risk 46
Severity
7.5
First published (updated )
CVE-2025-59465

Nodejs Node.jsNodeJS Security leases (CVE-2025-55131, CVE-2025-55130, CVE-2025-59465, and others)

Risk 70
Severity
9.1
First published (updated )
CVE-2025-55130

Nodejs Node.jsNode.js security updates: CVE-2025-23083, CVE-2025-23084, CVE-2025-23085

Risk 30
Severity
5.6
EPSS
0.04%
First published (updated )
CVE-2025-23084
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Nodejs Node.jsCommand injection vulnerability in programing languages on Microsoft Windows operating system.

Risk 61
Severity
9.8
EPSS
0.04%
First published (updated )
CVE-2024-3566

Fedoraproject FedoraUndici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

Risk 14
Severity
3.5
EPSS
0.04%
First published (updated )
CVE-2024-30261

Fedoraproject FedoraUndici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

Risk 26
Severity
4.3
EPSS
0.04%
First published (updated )
CVE-2024-30260

IBM Cognos AnalyticsPath Traversal

Risk 58
Severity
8.8
EPSS
0.04%
First published (updated )
CVE-2024-21891

IBM Cognos AnalyticsPath Traversal

Risk 62
Severity
9.8
EPSS
0.04%
First published (updated )
CVE-2024-21896
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

IBM Cognos AnalyticsNode.js could allow a remote attacker to bypass security restrictions, caused by the improper handli…

Risk 29
Severity
6.5
EPSS
0.04%
First published (updated )
CVE-2024-21890

redhat/nodeCode Injection

Risk 53
Severity
7.8
EPSS
0.04%
First published (updated )
CVE-2024-21892

Nodejs Node.jsNode.js is vulnerable to a denial of service, caused by an error when reading unprocessed HTTP reque…

Risk 31
Severity
7.5
EPSS
0.04%
First published (updated )
CVE-2024-22019

npm/undiciProxy-Authorization header not cleared on cross-origin redirect in fetch in Undici

Risk 21
Severity
4.5
EPSS
0.04%
First published (updated )
CVE-2024-24758

npm/undiciBackpressure request ignored in fetch() in Undici

Risk 28
Severity
6.5
EPSS
0.04%
First published (updated )
CVE-2024-24750
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Nodejs Node.jsNode.js could allow a remote attacker to gain elevated privileges on the system, caused by an error …

Risk 45
Severity
7.5
First published (updated )
CVE-2023-30585

Fedoraproject FedoraNode.js could allow a remote attacker to bypass security restrictions, caused by the circumvention o…

Risk 46
Severity
7.5
First published (updated )
CVE-2023-38552

IBM Cognos AnalyticsPath Traversal

Risk 89
Severity
9.8
First published (updated )
CVE-2023-39332

IBM Cognos AnalyticsPath Traversal, Input Validation

Risk 59
Severity
7.7
First published (updated )
CVE-2023-39331

Fedoraproject FedoraUndici's cookie header not cleared on cross-origin redirect in fetch

Risk 33
Severity
3.9
First published (updated )
CVE-2023-45143
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203