Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

NodeJS — Vulnerabilities & Security Advisories 123

Browse all 123 CVE security advisories affecting NodeJS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Node.js is a server-side JavaScript runtime environment primarily used for building scalable network applications and APIs. Its event-driven, non-blocking I/O architecture makes it popular for real-time services, yet this design introduces specific security challenges. Historically, the platform has been susceptible to Remote Code Execution (RCE) vulnerabilities, often stemming from prototype pollution or improper input validation in core modules. Cross-Site Scripting (XSS) and server-side request forgery (SSRF) are also frequent issues, particularly when handling untrusted user data or integrating with third-party libraries. With over 111 recorded Common Vulnerabilities and Exposures (CVEs), the ecosystem’s reliance on numerous npm packages amplifies supply chain risks. Notable incidents have included critical flaws in the HTTP parser and DNS resolution mechanisms, highlighting the necessity for rigorous dependency auditing and timely patching to mitigate exploitation of these systemic weaknesses in production environments.

Top products by NodeJS: Node undici
CVE IDTitleCVSSSeverityPublished
CVE-2026-48936 nodejs Node.js 权限许可和访问控制问题漏洞 — nodeCWE-284--2026-06-26
CVE-2026-48930 nodejs Node.js 权限许可和访问控制问题漏洞 — nodeCWE-284--2026-06-26
CVE-2026-48928 nodejs Node.js 权限许可和访问控制问题漏洞 — nodeCWE-284--2026-06-26
CVE-2026-48615 nodejs node.js 信息泄露漏洞 — nodeCWE-359--2026-06-26
CVE-2026-48934 nodejs Node.js 安全漏洞 — node--2026-06-26
CVE-2026-48619 nodejs Node.js 资源管理错误漏洞 — nodeCWE-400--2026-06-26
CVE-2026-48935 nodejs Node.js 权限许可和访问控制问题漏洞 — nodeCWE-276--2026-06-26
CVE-2026-48618 nodejs Node.js 输入验证错误漏洞 — nodeCWE-176--2026-06-26
CVE-2026-48933 nodejs Node.js 数字错误漏洞 — nodeCWE-190--2026-06-26
CVE-2026-48931 nodejs node 竞争条件问题漏洞 — nodeCWE-367--2026-06-22
CVE-2026-48937 Node.js 资源管理错误漏洞 — nodeCWE-400--2026-06-18
CVE-2026-48617 Node.js 权限许可和访问控制问题漏洞 — nodeCWE-284--2026-06-18
CVE-2026-21716 Node.js 安全漏洞 — node 8.8AIHighAI2026-03-30
CVE-2026-21710 Node.js 安全漏洞 — node 7.5AIHighAI2026-03-30
CVE-2026-21715 Node.js 安全漏洞 — node 6.5AIMediumAI2026-03-30
CVE-2026-21711 Node.js 安全漏洞 — node 9.9AICriticalAI2026-03-30
CVE-2026-21713 Node.js 安全漏洞 — node 3.7AILowAI2026-03-30
CVE-2026-21717 Node.js 安全漏洞 — node 5.3AIMediumAI2026-03-30
CVE-2026-21714 Node.js 安全漏洞 — node 7.5AIHighAI2026-03-30
CVE-2026-21712 Node.js 安全漏洞 — node 7.5AIHighAI2026-03-30
CVE-2025-55131 Node.js 安全漏洞 — node 7.4AIHighAI2026-01-20
CVE-2025-55132 Node.js 安全漏洞 — node 4.3 -2026-01-20
CVE-2025-59466 Node.js 安全漏洞 — node 7.5 -2026-01-20
CVE-2025-59464 Node.js 安全漏洞 — node 7.5 -2026-01-20
CVE-2026-21636 Node.js 安全漏洞 — node 8.4 -2026-01-20
CVE-2025-55130 Node.js 安全漏洞 — node 9.8AICriticalAI2026-01-20
CVE-2025-59465 Node.js 安全漏洞 — node 7.5AIHighAI2026-01-20
CVE-2026-21637 Node.js 安全漏洞 — node 7.5 -2026-01-20
CVE-2026-22036 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion — undiciCWE-770 5.9 Medium2026-01-14
CVE-2025-27210 Node.js 路径遍历漏洞 — node 9.1AICriticalAI2025-07-18

This page lists every published CVE security advisory associated with NodeJS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.