Software Detail
Name: node.js
Number of NVD entries: 149 (CRITICAL 13, HIGH 91, MEDIUM 44, LOW 1)
URL: https://nodejs.org/
Explanation: Node.js releases a major version every 6 months.

Each version has one of the following statuses:

Current : Added features

Active LTS : New stable features, bug fixes, and other updates are made by the LTS team.

Maintenance LTS : New features are added, major bug fixes and security updates are made by the LTS team. New features will only be added if they can be migrated to subsequent versions.

Odd-numbered releases (9, 11, etc.) will be Current and will be supported by the developers for 6 months only.
Even-numbered releases (10, 12, etc.) will be released after support for odd-numbered releases expires, and will be supported as Current for 6 months by the developers.
After 6 months as Current, an even-numbered release moves to Active LTS for 12 months and becomes generally available.
After Active LTS ends, it moves to Maintenance LTS for 12 months.
Even-numbered releases are usually guaranteed to have critical bugs fixed for a total of 30 months.

Only Active LTS and Maintenance LTS versions of Node.js should be used in commercial products.
Tag
  • MIT License
  • JavaScript

Add Information URL
No Type Name URL
1 https://nodejs.org/en/blog/
2 https://nodejs.org/en/blog/release/
3 https://nodejs.org/en/about/releases/
4 https://github.com/nodejs/Release

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
121 Node.js 22 v22.6.0 Aug. 6, 2024 June 11, 2024 0 0 0 0
122 Node.js 21 21.7.3 April 10, 2024 Oct. 17, 2023 0 0 0 0
123 Node.js 20 20.14.0 May 28, 2024 April 19, 2023 2 12 3 0
124 Node.js 19 19.7.0 Feb. 21, 2023 Oct. 18, 2022 0 5 2 0
125 Node.js 18 (LTS) 18.15.0 March 7, 2023 April 19, 2022 Oct. 18, 2023 April 30, 2025 2 15 8 0
126 Node.js 17 17.9.1 June 2, 2022 Oct. 19, 2021 April 1, 2022 June 1, 2022 0 3 2 0
127 Node.js 16 (LTS) 16.19.1 Feb. 16, 2023 April 20, 2021 Oct. 18, 2022 April 30, 2024 4 16 12 0
128 Node.js 15 15.14.0 April 6, 2021 Oct. 20, 2020 June 1, 2021 1 6 3 0
129 Node.js 14 (LTS) 14.21.3 Feb. 16, 2023 April 21, 2020 Oct. 18, 2021 April 30, 2023 3 22 13 0
130 Node.js 13 13.14.0 April 30, 2020 Oct. 22, 2019 June 1, 2020 2 1 0 0
131 Node.js 12 (LTS) 12.22.12 April 5, 2022 April 23, 2019 Oct. 21, 2019 April 30, 2022 4 24 9 0
132 Node.js 11 11.15.0 April 30, 2019 Oct. 23, 2018 June 1, 2019 0 4 5 0
133 Node.js 10 (LTS) 10.24.1 April 6, 2021 April 24, 2018 May 18, 2020 April 30, 2021 2 28 10 0
134 Node.js 9 9.11.2 June 12, 2018 Oct. 1, 2017 June 30, 2018 1 8 4 1
135 Node.js 8 (LTS) 8.17.0 Dec. 17, 2019 May 30, 2017 Dec. 31, 2018 Dec. 31, 2019 1 23 9 1
136 Node.js 7 7.10.1 July 11, 2017 Oct. 25, 2016 June 30, 2017 2 7 4 0
137 Node.js 6 (LTS) 6.17.1 April 3, 2019 Oct. 18, 2016 April 29, 2018 April 30, 2019 4 24 16 0
138 Node.js 5 5.12.0 June 23, 2016 Oct. 29, 2015 June 30, 2016 1 16 8 0
139 Node.js 4 (LTS) 4.9.1 March 30, 2018 Sept. 8, 2015 March 30, 2017 April 30, 2018 April 1, 2017 6 25 13 0
140 Node.js 3.0 3.0.0 0 5 3 0
141 Node.js 2.0 2.0.2 0 5 3 0
142 Node.js 1 1.1.0 0 10 10 0
143 Node.js 0 0.0.6 2 22 16 0
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
121 CVSS3 6.1 CVSS2 4.3 MEDIUM Network
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
CWE-79 Cross-site Scripting
CVE-2013-7451 cpe:2.3:a:nodejs:node.js:1.0.4:* 2024-11-21 11:01
2017-01-24
122 CVSS3 5.9 CVSS2 4.3 MEDIUM Network
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certifi…
CWE-19 Data Processing Errors
CVE-2016-7099 cpe:2.3:a:nodejs:node.js:6.6.0:*
cpe:2.3:a:nodejs:node.js:6.5.0:*
cpe:2.3:a:nodejs:node.js:6.4.0:*
cpe:2.3:a:n…
2024-11-21 11:57
2016-10-11
123 CVSS3 6.1 CVSS2 4.3 MEDIUM Network
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject…
CWE-113 HTTP Response Splitting
CVE-2016-5325 cpe:2.3:a:nodejs:node.js:6.6.0:*
cpe:2.3:a:nodejs:node.js:6.5.0:*
cpe:2.3:a:nodejs:node.js:6.4.0:*
cpe:2.3:a:n…
2024-11-21 11:54
2016-10-11
124 CVSS3 9.8 CVSS2 7.5 CRITICAL Network
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code …
CWE-787 Out-of-bounds Write
CVE-2016-5180 cpe:2.3:a:nodejs:node.js:*:* 4.0.0
0.12.0
0.10.0




4.6.1
0.12.17
0.10.48
2024-11-21 11:53
2016-10-4
125 CVSS3 7.5 CVSS2 5.0 HIGH Network
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
CWE-476 NULL Pointer Dereference
CVE-2016-7052 cpe:2.3:a:nodejs:node.js:*:* 4.2.0
4.0.0
6.0.0

4.1.2


4.6.0

6.7.0
2024-11-21 11:57
2016-09-27
126 CVSS3 5.9 CVSS2 4.3 MEDIUM Network
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s…
CWE-125 Out-of-bounds Read
CVE-2016-6306 cpe:2.3:a:nodejs:node.js:*:* 4.2.0
4.0.0
0.12.0
0.10.0
6.0.0
5.0.0

4.1.2



5.12.0





4.6.0

0.12.16
0.10.47
6.7.0
2024-11-21 11:55
2016-09-27
127 CVSS3 7.5 CVSS2 7.8 HIGH Network
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status…
CWE-401 Missing Release of Memory after Effective Lifetime
CVE-2016-6304 cpe:2.3:a:nodejs:node.js:*:* 0.12.0
0.10.0
6.0.0
4.0.0






0.12.16
0.10.47
6.7.0
4.6.0
2024-11-21 11:55
2016-09-27
128 CVSS3 6.5 CVSS2 4.3 MEDIUM Network
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted Ja…
CWE-200 Information Exposure
CVE-2016-5172 cpe:2.3:a:nodejs:node.js:*:* 6.0.0 6.8.1 2024-11-21 11:53
2016-09-26
129 CVSS3 9.8 CVSS2 7.5 CRITICAL Network
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or poss…
CWE-787 Out-of-bounds Write
CVE-2016-6303 cpe:2.3:a:nodejs:node.js:*:*
4.0.0
6.0.0




0.12.16
4.6.0
6.6.0
2024-11-21 11:55
2016-09-16
130 CVSS3 7.5 CVSS2 5.0 HIGH Network
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for re…
CWE-200 Information Exposure
CVE-2016-2183 cpe:2.3:a:nodejs:node.js:*:* 4.2.0
6.0.0
4.0.0
0.12.0
0.10.0








4.6.0
6.7.0
4.1.2
0.12.16
0.10.47
2024-11-21 11:47
2016-09-1