| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-2229 | undici is vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation | undici | undici | High | 7.5 | 2026-03-12 20:27:06 | Deep Dive |
| CVE-2026-1528 | undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client | undici | undici | High | 7.5 | 2026-03-12 20:21:58 | Deep Dive |
| CVE-2026-1527 | undici is vulnerable to CRLF Injection via upgrade option | undici | undici | Medium | 4.6 | 2026-03-12 20:17:19 | Deep Dive |
| CVE-2026-2581 | undici is vulnerable to Unbounded Memory Consumption in Undici's DeduplicationHandler via Response Buffering leads to DoS | undici | undici | Medium | 5.9 | 2026-03-12 20:13:20 | Deep Dive |
| CVE-2026-1526 | undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression | undici | undici | High | 7.5 | 2026-03-12 20:08:06 | Deep Dive |
| CVE-2026-1525 | undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | undici | undici | Medium | 6.5 | 2026-03-12 19:56:55 | Deep Dive |
| CVE-2026-22036 | Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | nodejs | undici | Medium | 5.9 | 2026-01-14 19:07:14 | Deep Dive |
| CVE-2025-47279 | undici Denial of Service attack via bad certificate data | nodejs | undici | Low | 3.1 | 2025-05-15 17:16:03 | Deep Dive |
| CVE-2025-22150 | Undici Uses Insufficiently Random Values | nodejs | undici | Medium | 6.8 | 2025-01-21 17:46:59 | Deep Dive |
| CVE-2024-38372 | Undici vulnerable to data leak when using response.arrayBuffer() | nodejs | undici | Low | 2.0 | 2024-07-08 20:25:59 | Deep Dive |
| CVE-2024-30260 | Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | nodejs | undici | Low | 3.9 | 2024-04-04 15:15:45 | Deep Dive |
| CVE-2024-30261 | Undici's fetch with integrity option is too lax when algorithm is specified but hash value is incorrect | nodejs | undici | Low | 2.6 | 2024-04-04 15:09:11 | Deep Dive |
| CVE-2024-24750 | Backpressure request ignored in fetch() in Undici | nodejs | undici | Medium | 6.5 | 2024-02-16 21:42:30 | Deep Dive |
| CVE-2024-24758 | Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici | nodejs | undici | Low | 3.9 | 2024-02-16 21:40:38 | Deep Dive |
| CVE-2023-45143 | Undici's cookie header not cleared on cross-origin redirect in fetch | nodejs | undici | Low | 3.9 | 2023-10-12 16:35:41 | Deep Dive |
| CVE-2023-23936 | CRLF Injection in Nodejs ‘undici’ via host | nodejs | undici | Medium | 6.5 | 2023-02-16 17:30:24 | Deep Dive |
| CVE-2023-24807 | Undici vulnerable to Regular Expression Denial of Service in Headers | nodejs | undici | High | 7.5 | 2023-02-16 17:30:20 | Deep Dive |
| CVE-2022-35948 | CRLF Injection in Nodejs ‘undici’ via Content-Type | nodejs | undici | Medium | 5.3 | 2022-08-13 00:00:00 | Deep Dive |
| CVE-2022-35949 | `undici.request` vulnerable to SSRF using absolute URL on `pathname` | nodejs | undici | Medium | 5.3 | 2022-08-12 00:00:00 | Deep Dive |
| CVE-2022-31151 | Uncleared cookies on cross-host/cross-origin redirect in undici | nodejs | undici | Low | 3.7 | 2022-07-20 23:00:15 | Deep Dive |