Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
node.js Number Of NVD 152 CRITICAL 13 HIGH 92 MEDIUM 45 LOW 2
URL https://nodejs.org/
Explanation Node.js releases a major version every 6 months.

The status of each version includes

Current : Added features

Active LTS : New stable features, bug fixes, and other updates are made by the LTS team.

Maintenance LTS : New features are added, major bug fixes and security updates are made by the LTS team. New features will only be added if they can be migrated to subsequent versions.

Odd-numbered releases (9, 11, etc.) will be Current and will be supported by the developers for 6 months only.
Even-numbered releases (10, 12, etc.) will be released after support for odd-numbered releases expires, and will be supported as Current for 6 months by the developers.
After 6 months of even-numbered releases, the system will move to Active LTS for 12 months and become generally available.
After the end of Active LTS, the system will move to Maintenance LTS for 12 months.
Even-numbered releases are usually guaranteed to have critical bugs fixed for a total of 30 months.

Only Active LTS and Maintenance LTS Node.js should be used in commercial products.
Tag
  • MIT License
  • Javascript

Add Information URL
No Type Name URL
1 https://nodejs.org/en/blog/
2 https://nodejs.org/en/blog/release/
3 https://nodejs.org/en/about/releases/
4 https://github.com/nodejs/Release

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
141 New!! Node.js 26 26.5.0 July 8, 2026 May 5, 2026 Oct. 20, 2027 April 30, 2029 0 1 1 1
142 Node.js 22 v22.6.0 Aug. 6, 2024 June 11, 2024 0 1 1 1
143 Node.js 21 21.7.3 April 10, 2024 Oct. 17, 2023 0 0 0 0
144 Node.js 20 20.14.0 May 28, 2024 April 19, 2023 2 12 3 0
145 Node.js 19 19.7.0 Feb. 21, 2023 Oct. 18, 2022 0 5 2 0
146 Node.js 18 (LTS) 18.15.0 March 7, 2023 April 19, 2022 Oct. 18, 2023 April 30, 2025 2 15 8 0
147 Node.js 17 17.9.1 June 2, 2022 Oct. 19, 2021 April 1, 2022 June 1, 2022 0 3 2 0
148 Node.js 16 (LTS) 16.19.1 Feb. 16, 2023 April 20, 2021 Oct. 18, 2022 April 30, 2024 4 16 12 0
149 Node.js 15 15.14.0 April 6, 2021 Oct. 20, 2020 June 1, 2021 1 6 3 0
150 Node.js 14 (LTS) 14.21.3 Feb. 16, 2023 April 21, 2020 Oct. 18, 2021 April 30, 2023 3 22 13 0
151 Node.js 13 13.14.0 April 30, 2020 Oct. 22, 2019 June 1, 2020 2 1 0 0
152 Node.js 12 (LTS) 12.22.12 April 5, 2022 April 23, 2019 Oct. 21, 2019 April 30, 2022 4 24 9 0
153 Node.js 11 11.15.0 April 30, 2019 Oct. 23, 2018 June 1, 2019 0 4 5 0
154 Node.js 10 (LTS) 10.24.1 April 6, 2021 April 24, 2018 May 18, 2020 April 30, 2021 2 28 10 0
155 Node.js 9 9.11.2 June 12, 2018 Oct. 1, 2017 June 30, 2018 1 8 4 1
156 Node.js 8 (LTS) 8.17.0 Dec. 17, 2019 May 30, 2017 Dec. 31, 2018 Dec. 31, 2019 1 23 9 1
157 Node.js 7 7.10.1 July 11, 2017 Oct. 25, 2016 June 30, 2017 2 7 4 0
158 Node.js 6 (LTS) 6.17.1 April 3, 2019 Oct. 18, 2016 April 29, 2018 April 30, 2019 4 24 16 0
159 Node.js 5 5.12.0 June 23, 2016 Oct. 29, 2015 June 30, 2016 1 16 8 0
160 Node.js 4 (LTS) 4.9.1 March 30, 2018 Sept. 8, 2015 March 30, 2017 April 30, 2018 April 1, 2017 6 25 13 0
161 Node.js 3.0 3.0.0 0 5 3 0
162 Node.js 2.0 2.0.2 0 6 4 1
163 Node.js 1 1.1.0 0 10 10 0
164 Node.js 0 0.0.6 2 22 16 0
165 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
141 7.5
5.0
HIGH
Network
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly … NVD-CWE-Other
CVE-2016-0797 cpe:2.3:a:nodejs:node.js:*:* 4.2.0
4.0.0
5.0.0




4.3.2
4.1.2
5.7.1
2024-11-21 11:42
2016-03-4
Show GitHub Exploit DB Packet Storm
142 5.1
1.9
MEDIUM
Local
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiati… CWE-200
Information Exposure
CVE-2016-0702 cpe:2.3:a:nodejs:node.js:*:* 4.2.0
4.0.0
5.0.0

4.1.2


4.3.2

5.7.1
2024-11-21 11:42
2016-03-4
Show GitHub Exploit DB Packet Storm
143 7.5
5.0
HIGH
Network
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (unc… CWE-17
Code
CVE-2015-8027 cpe:2.3:a:nodejs:node.js:5.1.0:*
cpe:2.3:a:nodejs:node.js:5.0.0:*
cpe:2.3:a:nodejs:node.js:4.2.2:*
cpe:2.3:a:n…
2024-11-21 11:37
2016-01-3
Show GitHub Exploit DB Packet Storm
144 7.5
5.0
HIGH
Network
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.… CWE-476
 NULL Pointer Dereference
CVE-2015-3194 cpe:2.3:a:nodejs:node.js:*:* 4.0.0
5.0.0
0.12.0
0.10.0






4.2.3
5.1.1
0.12.9
0.10.41
2024-11-21 11:28
2015-12-7
Show GitHub Exploit DB Packet Storm
145 7.5
5.0
HIGH
Network
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and pro… CWE-200
Information Exposure
CVE-2015-3193 cpe:2.3:a:nodejs:node.js:*:* 4.2.0
4.0.0
5.0.0

4.1.2


4.2.3

5.1.1
2024-11-21 11:28
2015-12-7
Show GitHub Exploit DB Packet Storm
146 9.8
7.5
CRITICAL
Network
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which al… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2015-6764 cpe:2.3:a:nodejs:node.js:*:* 4.2.0
4.0.0
5.0.0

4.1.2
5.1.1


4.2.3

2024-11-21 11:35
2015-12-6
Show GitHub Exploit DB Packet Storm
147 -
7.5
HIGH The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that th… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2015-5380 cpe:2.3:a:nodejs:node.js:*:* 0.12.5 2024-11-21 11:32
2015-07-9
Show GitHub Exploit DB Packet Storm
148 -
10.0
HIGH libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. CWE-273
 Improper Check for Dropped Privileges
CVE-2015-0278 cpe:2.3:a:nodejs:node.js:*:* 0.10.37 2024-11-21 11:22
2015-05-19
Show GitHub Exploit DB Packet Storm
149 -
5.0
MEDIUM The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value t… CWE-399
 Resource Management Errors
CVE-2014-7191 cpe:2.3:a:nodejs:node.js:*:* 0.10.18 2024-11-21 11:16
2014-10-19
Show GitHub Exploit DB Packet Storm
150 7.4
5.8
HIGH
Network
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a z… CWE-326
Inadequate Encryption Strength
CVE-2014-0224 cpe:2.3:a:nodejs:node.js:*:* 0.10.29 2024-11-21 11:01
2014-06-6
Show GitHub Exploit DB Packet Storm