Nodejs

Node.Js

184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.41%
  • Veröffentlicht 26.06.2026 01:14:37
  • Zuletzt bearbeitet 26.06.2026 20:19:14

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**...

  • EPSS 0.44%
  • Veröffentlicht 26.06.2026 01:14:36
  • Zuletzt bearbeitet 26.06.2026 20:18:50

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnos...

  • EPSS 0.67%
  • Veröffentlicht 26.06.2026 01:14:36
  • Zuletzt bearbeitet 26.06.2026 20:18:43

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or by...

  • EPSS 0.66%
  • Veröffentlicht 26.06.2026 01:14:36
  • Zuletzt bearbeitet 26.06.2026 20:18:56

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **N...

  • EPSS 0.26%
  • Veröffentlicht 26.06.2026 01:14:36
  • Zuletzt bearbeitet 26.06.2026 20:19:06

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

  • EPSS 2.81%
  • Veröffentlicht 26.06.2026 01:14:36
  • Zuletzt bearbeitet 07.07.2026 12:16:56

A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

  • EPSS 0.26%
  • Veröffentlicht 26.06.2026 01:14:36
  • Zuletzt bearbeitet 29.06.2026 14:16:54

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

  • EPSS 0.15%
  • Veröffentlicht 26.06.2026 01:14:36
  • Zuletzt bearbeitet 26.06.2026 20:14:33

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 2...

  • EPSS 0.15%
  • Veröffentlicht 26.06.2026 01:14:36
  • Zuletzt bearbeitet 26.06.2026 19:55:59

A flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket), even without the `--allow-net` permission. This vulnerability affects one supported release line: **Node.js 26**.

Exploit
  • EPSS 0.37%
  • Veröffentlicht 22.06.2026 18:59:30
  • Zuletzt bearbeitet 03.07.2026 01:16:22

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.