Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
node.js Number Of NVD 152 CRITICAL 13 HIGH 92 MEDIUM 45 LOW 2
URL https://nodejs.org/
Explanation Node.js releases a major version every 6 months.

The status of each version includes

Current : Added features

Active LTS : New stable features, bug fixes, and other updates are made by the LTS team.

Maintenance LTS : New features are added, major bug fixes and security updates are made by the LTS team. New features will only be added if they can be migrated to subsequent versions.

Odd-numbered releases (9, 11, etc.) will be Current and will be supported by the developers for 6 months only.
Even-numbered releases (10, 12, etc.) will be released after support for odd-numbered releases expires, and will be supported as Current for 6 months by the developers.
After 6 months of even-numbered releases, the system will move to Active LTS for 12 months and become generally available.
After the end of Active LTS, the system will move to Maintenance LTS for 12 months.
Even-numbered releases are usually guaranteed to have critical bugs fixed for a total of 30 months.

Only Active LTS and Maintenance LTS Node.js should be used in commercial products.
Tag
  • MIT License
  • Javascript

Add Information URL
No Type Name URL
1 https://nodejs.org/en/blog/
2 https://nodejs.org/en/blog/release/
3 https://nodejs.org/en/about/releases/
4 https://github.com/nodejs/Release

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
101 New!! Node.js 26 26.5.0 July 8, 2026 May 5, 2026 Oct. 20, 2027 April 30, 2029 0 1 1 1
102 Node.js 22 v22.6.0 Aug. 6, 2024 June 11, 2024 0 1 1 1
103 Node.js 21 21.7.3 April 10, 2024 Oct. 17, 2023 0 0 0 0
104 Node.js 20 20.14.0 May 28, 2024 April 19, 2023 2 12 3 0
105 Node.js 19 19.7.0 Feb. 21, 2023 Oct. 18, 2022 0 5 2 0
106 Node.js 18 (LTS) 18.15.0 March 7, 2023 April 19, 2022 Oct. 18, 2023 April 30, 2025 2 15 8 0
107 Node.js 17 17.9.1 June 2, 2022 Oct. 19, 2021 April 1, 2022 June 1, 2022 0 3 2 0
108 Node.js 16 (LTS) 16.19.1 Feb. 16, 2023 April 20, 2021 Oct. 18, 2022 April 30, 2024 4 16 12 0
109 Node.js 15 15.14.0 April 6, 2021 Oct. 20, 2020 June 1, 2021 1 6 3 0
110 Node.js 14 (LTS) 14.21.3 Feb. 16, 2023 April 21, 2020 Oct. 18, 2021 April 30, 2023 3 22 13 0
111 Node.js 13 13.14.0 April 30, 2020 Oct. 22, 2019 June 1, 2020 2 1 0 0
112 Node.js 12 (LTS) 12.22.12 April 5, 2022 April 23, 2019 Oct. 21, 2019 April 30, 2022 4 24 9 0
113 Node.js 11 11.15.0 April 30, 2019 Oct. 23, 2018 June 1, 2019 0 4 5 0
114 Node.js 10 (LTS) 10.24.1 April 6, 2021 April 24, 2018 May 18, 2020 April 30, 2021 2 28 10 0
115 Node.js 9 9.11.2 June 12, 2018 Oct. 1, 2017 June 30, 2018 1 8 4 1
116 Node.js 8 (LTS) 8.17.0 Dec. 17, 2019 May 30, 2017 Dec. 31, 2018 Dec. 31, 2019 1 23 9 1
117 Node.js 7 7.10.1 July 11, 2017 Oct. 25, 2016 June 30, 2017 2 7 4 0
118 Node.js 6 (LTS) 6.17.1 April 3, 2019 Oct. 18, 2016 April 29, 2018 April 30, 2019 4 24 16 0
119 Node.js 5 5.12.0 June 23, 2016 Oct. 29, 2015 June 30, 2016 1 16 8 0
120 Node.js 4 (LTS) 4.9.1 March 30, 2018 Sept. 8, 2015 March 30, 2017 April 30, 2018 April 1, 2017 6 25 13 0
121 Node.js 3.0 3.0.0 0 5 3 0
122 Node.js 2.0 2.0.2 0 6 4 1
123 Node.js 1 1.1.0 0 10 10 0
124 Node.js 0 0.0.6 2 22 16 0
125 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
101 3.1
4.3
LOW
Network
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This… CWE-665
 Improper Initialization
CVE-2017-15897 cpe:2.3:a:nodejs:node.js:*:* 8.9.0
8.0.0
9.0.0

8.8.1


8.9.3

9.2.1
2024-11-21 12:15
2017-12-12
Show GitHub Exploit DB Packet Storm
102 9.1
6.4
CRITICAL
Network
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application dat… NVD-CWE-noinfo
CVE-2017-15896 cpe:2.3:a:nodejs:node.js:*:* 8.9.0
6.9.0
4.2.0
4.0.0
6.0.0
8.0.0
9.0.0



4.1.2
6.8.1
8.8.1






8.9.3
6.12.2
4.8.7



9.2.1
2024-11-21 12:15
2017-12-12
Show GitHub Exploit DB Packet Storm
103 5.9
4.3
MEDIUM
Network
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA… CWE-200
Information Exposure
CVE-2017-3738 cpe:2.3:a:nodejs:node.js:*:* 8.9.0
6.9.0
4.2.0
4.0.0
6.0.0
8.0.0
9.0.0



4.1.2
6.8.1
8.8.1






8.9.3
6.12.2
4.8.7



9.2.1
2024-11-21 12:26
2017-12-8
Show GitHub Exploit DB Packet Storm
104 7.5
5.0
HIGH
Network
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 makin… CWE-20
 Improper Input Validation 
CVE-2017-14919 cpe:2.3:a:nodejs:node.js:8.7.0:*
cpe:2.3:a:nodejs:node.js:8.6.0:*
cpe:2.3:a:nodejs:node.js:8.5.0:*
cpe:2.3:a:n…
2024-11-21 12:13
2017-10-31
Show GitHub Exploit DB Packet Storm
105 7.5
5.0
HIGH
Network
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. CWE-22
Path Traversal
CVE-2014-3744 cpe:2.3:a:nodejs:node.js:*:* 0.2.4 2024-11-21 11:08
2017-10-24
Show GitHub Exploit DB Packet Storm
106 7.5
5.0
HIGH
Network
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. CWE-400
 Uncontrolled Resource Consumption
CVE-2015-7384 cpe:2.3:a:nodejs:node.js:4.1.1:*
cpe:2.3:a:nodejs:node.js:4.1.0:*
cpe:2.3:a:nodejs:node.js:4.0.0:*
2024-11-21 11:36
2017-10-11
Show GitHub Exploit DB Packet Storm
107 7.5
5.0
HIGH
Network
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. CWE-22
Path Traversal
CVE-2017-14849 cpe:2.3:a:nodejs:node.js:8.5.0:* 2024-11-21 12:13
2017-09-28
Show GitHub Exploit DB Packet Storm
108 6.5
6.8
MEDIUM
Network
node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). CWE-399
 Resource Management Errors
CVE-2015-2927 cpe:2.3:a:nodejs:node.js:0.3.2:* 2024-11-21 11:28
2017-09-21
Show GitHub Exploit DB Packet Storm
109 7.5
5.0
HIGH
Network
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was co… CWE-20
 Improper Input Validation 
CVE-2017-11499 cpe:2.3:a:nodejs:node.js:8.1.3:*
cpe:2.3:a:nodejs:node.js:8.1.2:*
cpe:2.3:a:nodejs:node.js:8.1.1:*
cpe:2.3:a:n…
2024-11-21 12:07
2017-07-25
Show GitHub Exploit DB Packet Storm
110 7.5
5.0
HIGH
Network
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was… CWE-200
Information Exposure
CVE-2017-1000381 cpe:2.3:a:nodejs:node.js:*:* 4.2.0
6.9.0
4.0.0
6.0.0
8.0.0
7.0.0
5.0.0


4.1.2
6.8.1


5.12.0






4.8.4
6.11.1


8.1.4
7.10.1
2024-11-21 12:04
2017-07-8
Show GitHub Exploit DB Packet Storm