Software Detail

Software Informaton Top

Framework

Software Detail

node.js

Number Of NVD

149

CRITICAL

HIGH

MEDIUM

LOW

URL	https://nodejs.org/
Explanation	Node.js releases a major version every 6 months. The status of each version includes Current : Added features Active LTS : New stable features, bug fixes, and other updates are made by the LTS team. Maintenance LTS : New features are added, major bug fixes and security updates are made by the LTS team. New features will only be added if they can be migrated to subsequent versions. Odd-numbered releases (9, 11, etc.) will be Current and will be supported by the developers for 6 months only. Even-numbered releases (10, 12, etc.) will be released after support for odd-numbered releases expires, and will be supported as Current for 6 months by the developers. After 6 months of even-numbered releases, the system will move to Active LTS for 12 months and become generally available. After the end of Active LTS, the system will move to Maintenance LTS for 12 months. Even-numbered releases are usually guaranteed to have critical bugs fixed for a total of 30 months. Only Active LTS and Maintenance LTS Node.js should be used in commercial products.
Tag	MIT License Javascript

Add Information URL

No	Type	Name	URL
1			https://nodejs.org/en/blog/
2			https://nodejs.org/en/blog/release/
3			https://nodejs.org/en/about/releases/
4			https://github.com/nodejs/Release

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Security Support Service Pack Support	Extended for a fee	Critical	High	Medium	Low
71	Node.js 22	v22.6.0	Aug. 6, 2024	June 11, 2024				0	0	0	0
72	Node.js 21	21.7.3	April 10, 2024	Oct. 17, 2023				0	0	0	0
73	Node.js 20	20.14.0	May 28, 2024	April 19, 2023				2	12	3	0
74	Node.js 19	19.7.0	Feb. 21, 2023	Oct. 18, 2022				0	5	2	0
75	Node.js 18 (LTS)	18.15.0	March 7, 2023	April 19, 2022	Oct. 18, 2023	April 30, 2025		2	15	8	0
76	Node.js 17	17.9.1	June 2, 2022	Oct. 19, 2021	April 1, 2022	June 1, 2022		0	3	2	0
77	Node.js 16 (LTS)	16.19.1	Feb. 16, 2023	April 20, 2021	Oct. 18, 2022	April 30, 2024		4	16	12	0
78	Node.js 15	15.14.0	April 6, 2021	Oct. 20, 2020	June 1, 2021			1	6	3	0
79	Node.js 14 (LTS)	14.21.3	Feb. 16, 2023	April 21, 2020	Oct. 18, 2021	April 30, 2023		3	22	13	0
80	Node.js 13	13.14.0	April 30, 2020	Oct. 22, 2019	June 1, 2020			2	1	0	0
81	Node.js 12 (LTS)	12.22.12	April 5, 2022	April 23, 2019	Oct. 21, 2019	April 30, 2022		4	24	9	0
82	Node.js 11	11.15.0	April 30, 2019	Oct. 23, 2018	June 1, 2019			0	4	5	0
83	Node.js 10 (LTS)	10.24.1	April 6, 2021	April 24, 2018	May 18, 2020	April 30, 2021		2	28	10	0
84	Node.js 9	9.11.2	June 12, 2018	Oct. 1, 2017	June 30, 2018			1	8	4	1
85	Node.js 8 (LTS)	8.17.0	Dec. 17, 2019	May 30, 2017	Dec. 31, 2018	Dec. 31, 2019		1	23	9	1
86	Node.js 7	7.10.1	July 11, 2017	Oct. 25, 2016	June 30, 2017			2	7	4	0
87	Node.js 6 (LTS)	6.17.1	April 3, 2019	Oct. 18, 2016	April 29, 2018	April 30, 2019		4	24	16	0
88	Node.js 5	5.12.0	June 23, 2016	Oct. 29, 2015	June 30, 2016			1	16	8	0
89	Node.js 4 (LTS)	4.9.1	March 30, 2018	Sept. 8, 2015	March 30, 2017	April 30, 2018	April 1, 2017	6	25	13	0
90	Node.js 3.0	3.0.0						0	5	3	0
91	Node.js 2.0	2.0.2						0	5	3	0
92	Node.js 1	1.1.0						0	10	10	0
93	Node.js 0	0.0.6						2	22	16	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
71	7.5 7.8	HIGH Network	Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2019-9515	cpe:2.3:a:nodejs:node.js::	10.13.0 8.9.0 8.0.0 10.0.0 12.0.0	8.8.1 10.12.0	10.16.3 8.16.1 12.8.1	2024-11-21 13:51 2019-08-14	Show	GitHub Exploit DB Packet Storm

72	7.5 7.8	HIGH Network	Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that shou…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2019-9514	cpe:2.3:a:nodejs:node.js::	10.13.0 8.9.0 8.0.0 10.0.0 12.0.0	8.8.1 10.12.0	10.16.3 8.16.1 12.8.1	2024-11-21 13:51 2019-08-14	Show	GitHub Exploit DB Packet Storm

73	7.5 7.8	HIGH Network	Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the st…	NVD-CWE-Other	CVE-2019-9513	cpe:2.3:a:nodejs:node.js::	10.13.0 8.9.0 8.0.0 10.0.0 12.0.0	8.8.1 10.12.0	10.16.3 8.16.1 12.8.1	2024-11-21 13:51 2019-08-14	Show	GitHub Exploit DB Packet Storm

74	7.5 7.8	HIGH Network	Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2019-9511	cpe:2.3:a:nodejs:node.js::	10.13.0 8.9.0 8.0.0 10.0.0 12.0.0	8.8.1 10.12.0	10.16.3 8.16.1 12.8.1	2024-11-21 13:51 2019-08-14	Show	GitHub Exploit DB Packet Storm

75	7.5 5.0	HIGH Network	Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 …	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2019-5739	cpe:2.3:a:nodejs:node.js::		6.16.0		2024-11-21 13:45 2019-03-29	Show	GitHub Exploit DB Packet Storm

76	7.5 5.0	HIGH Network	In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2019-5737	cpe:2.3:a:nodejs:node.js::	6.0.0 8.0.0 10.0.0 11.0.0		6.17.0 8.15.1 10.15.2 11.10.1	2024-11-21 13:45 2019-03-29	Show	GitHub Exploit DB Packet Storm

77	5.9 4.3	MEDIUM Network	If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling appl…	CWE-203 Information Exposure Through Discrepancy	CVE-2019-1559	cpe:2.3:a:nodejs:node.js::	6.9.0 8.9.0 6.0.0 8.0.0	6.8.1 8.8.1	6.17.0 8.15.1	2024-11-21 13:36 2019-02-28	Show	GitHub Exploit DB Packet Storm

78	4.3 4.3	MEDIUM Network	Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL …	CWE-20 Improper Input Validation	CVE-2018-12123	cpe:2.3:a:nodejs:node.js::	10.0.0 8.0.0 6.0.0 11.0.0		10.14.0 8.14.0 6.15.0 11.3.0	2024-11-21 12:44 2018-11-29	Show	GitHub Exploit DB Packet Storm

79	7.5 5.0	HIGH Network	Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTT…	CWE-400 Uncontrolled Resource Consumption	CVE-2018-12122	cpe:2.3:a:nodejs:node.js::	10.0.0 8.0.0 6.0.0 11.0.0		10.14.0 8.14.0 6.15.1 11.3.0	2024-11-21 12:44 2018-11-29	Show	GitHub Exploit DB Packet Storm

80	7.5 5.0	HIGH Network	Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB …	CWE-400 Uncontrolled Resource Consumption	CVE-2018-12121	cpe:2.3:a:nodejs:node.js::	10.0.0 8.0.0 6.0.0 11.0.0		10.14.0 8.14.0 6.15.0 11.3.0	2024-11-21 12:44 2018-11-29	Show	GitHub Exploit DB Packet Storm