Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Nodejs Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 107 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8860 1 Nodejs 1 Node.js 2017-01-24 5.0 MEDIUM 7.5 HIGH
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2013-7453 1 Nodejs 1 Node.js 2017-01-24 4.3 MEDIUM 6.1 MEDIUM
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
CVE-2013-7454 1 Nodejs 1 Node.js 2017-01-24 4.3 MEDIUM 6.1 MEDIUM
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
CVE-2013-7452 1 Nodejs 1 Node.js 2017-01-24 4.3 MEDIUM 6.1 MEDIUM
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
CVE-2013-7451 1 Nodejs 1 Node.js 2017-01-24 4.3 MEDIUM 6.1 MEDIUM
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
CVE-2015-5380 3 Google, Iojs, Nodejs 3 V8, Io.js, Node.js 2016-11-28 7.5 HIGH N/A
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.
CVE-2014-5256 1 Nodejs 1 Nodejs 2015-05-12 5.0 MEDIUM N/A
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.