Software Detail
node.js
Number Of NVD: 149 (CRITICAL 13, HIGH 91, MEDIUM 44, LOW 1)
URL: https://nodejs.org/
Explanation: Node.js releases a major version every 6 months.

Each version has one of the following statuses:

Current: New features are added.

Active LTS: New stable features, bug fixes, and other updates are made by the LTS team.

Maintenance LTS: Major bug fixes and security updates are made by the LTS team. New features are added only if they can be migrated to subsequent versions.

Odd-numbered releases (9, 11, etc.) are Current releases and are supported by the developers for 6 months only.
Even-numbered releases (10, 12, etc.) are released after support for odd-numbered releases expires, and are supported as Current for 6 months by the developers.
After 6 months as Current, an even-numbered release moves to Active LTS for 12 months and becomes generally available.
After the end of Active LTS, the release moves to Maintenance LTS for 12 months.
Even-numbered releases are usually guaranteed to have critical bugs fixed for a total of 30 months.

Only Node.js releases in Active LTS or Maintenance LTS should be used in commercial products.
Tag
  • MIT License
  • Javascript

Add Information URL
No Type Name URL
1 https://nodejs.org/en/blog/
2 https://nodejs.org/en/blog/release/
3 https://nodejs.org/en/about/releases/
4 https://github.com/nodejs/Release

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low
81 Node.js 22 v22.6.0 Aug. 6, 2024 June 11, 2024 0 0 0 0
82 Node.js 21 21.7.3 April 10, 2024 Oct. 17, 2023 0 0 0 0
83 Node.js 20 20.14.0 May 28, 2024 April 19, 2023 2 12 3 0
84 Node.js 19 19.7.0 Feb. 21, 2023 Oct. 18, 2022 0 5 2 0
85 Node.js 18 (LTS) 18.15.0 March 7, 2023 April 19, 2022 Oct. 18, 2023 April 30, 2025 2 15 8 0
86 Node.js 17 17.9.1 June 2, 2022 Oct. 19, 2021 April 1, 2022 June 1, 2022 0 3 2 0
87 Node.js 16 (LTS) 16.19.1 Feb. 16, 2023 April 20, 2021 Oct. 18, 2022 April 30, 2024 4 16 12 0
88 Node.js 15 15.14.0 April 6, 2021 Oct. 20, 2020 June 1, 2021 1 6 3 0
89 Node.js 14 (LTS) 14.21.3 Feb. 16, 2023 April 21, 2020 Oct. 18, 2021 April 30, 2023 3 22 13 0
90 Node.js 13 13.14.0 April 30, 2020 Oct. 22, 2019 June 1, 2020 2 1 0 0
91 Node.js 12 (LTS) 12.22.12 April 5, 2022 April 23, 2019 Oct. 21, 2019 April 30, 2022 4 24 9 0
92 Node.js 11 11.15.0 April 30, 2019 Oct. 23, 2018 June 1, 2019 0 4 5 0
93 Node.js 10 (LTS) 10.24.1 April 6, 2021 April 24, 2018 May 18, 2020 April 30, 2021 2 28 10 0
94 Node.js 9 9.11.2 June 12, 2018 Oct. 1, 2017 June 30, 2018 1 8 4 1
95 Node.js 8 (LTS) 8.17.0 Dec. 17, 2019 May 30, 2017 Dec. 31, 2018 Dec. 31, 2019 1 23 9 1
96 Node.js 7 7.10.1 July 11, 2017 Oct. 25, 2016 June 30, 2017 2 7 4 0
97 Node.js 6 (LTS) 6.17.1 April 3, 2019 Oct. 18, 2016 April 29, 2018 April 30, 2019 4 24 16 0
98 Node.js 5 5.12.0 June 23, 2016 Oct. 29, 2015 June 30, 2016 1 16 8 0
99 Node.js 4 (LTS) 4.9.1 March 30, 2018 Sept. 8, 2015 March 30, 2017 April 30, 2018 April 1, 2017 6 25 13 0
100 Node.js 3.0 3.0.0 0 5 3 0
101 Node.js 2.0 2.0.2 0 5 3 0
102 Node.js 1 1.1.0 0 10 10 0
103 Node.js 0 0.0.6 2 22 16 0
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
No: 81 | CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, t…
CWE: NVD-CWE-Other
CVE: CVE-2018-12116
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
Version bounds: 6.9.0, 8.9.0, 6.0.0, 8.0.0, 6.8.1, 8.8.1, 6.15.0, 8.14.0
Update date: 2024-11-21 12:44
Published date: 2018-11-29
No: 82 | CVSS3: 8.1 | CVSS2: 6.8 | Level: HIGH | Attack Vector: Network
Title: Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all…
CWE: CWE-829 (Inclusion of Functionality from Untrusted Control Sphere)
CVE: CVE-2018-12120
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
Version bounds: 6.0.0, 6.15.0
Update date: 2024-11-21 12:44
Published date: 2018-11-29
No: 83 | CVSS3: 4.7 | CVSS2: 1.9 | Level: MEDIUM | Attack Vector: Local
Title: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CWE: CWE-203 (Information Exposure Through Discrepancy)
CVE: CVE-2018-5407
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
Version bounds: 10.0.0, 8.0.0, 10.9.0, 8.11.4, 6.14.4
Update date: 2024-11-21 13:08
Published date: 2018-11-16
No: 84 | CVSS3: 5.9 | CVSS2: 4.3 | Level: MEDIUM | Attack Vector: Network
Title: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in Ope…
CWE: CWE-327 (Use of a Broken or Risky Cryptographic Algorithm)
CVE: CVE-2018-0734
cpe23Uri: cpe:2.3:a:nodejs:node.js:10.13.0:*, cpe:2.3:a:nodejs:node.js:*:*
Version bounds: 6.9.0, 8.9.0, 6.0.0, 8.0.0, 10.0.0, 11.0.0, 6.8.1, 8.8.1, 10.12.0, 6.15.0, 8.14.0, 11.3.0
Update date: 2024-11-21 12:38
Published date: 2018-10-30
No: 85 | CVSS3: 5.9 | CVSS2: 4.3 | Level: MEDIUM | Attack Vector: Network
Title: The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in O…
CWE: CWE-327 (Use of a Broken or Risky Cryptographic Algorithm)
CVE: CVE-2018-0735
cpe23Uri: cpe:2.3:a:nodejs:node.js:10.13.0:*, cpe:2.3:a:nodejs:node.js:*:*
Version bounds: 11.0.0, 10.0.0, 11.3.0, 10.12.0
Update date: 2024-11-21 12:38
Published date: 2018-10-29
No: 86 | CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()`…
CWE: CWE-787 (Out-of-bounds Write)
CVE: CVE-2018-12115
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
Version bounds: 10.0.0, 8.0.0, 10.9.0, 8.11.4, 6.14.4
Update date: 2024-11-21 12:44
Published date: 2018-08-21
No: 87 | CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, o…
CWE: CWE-908 (Use of Uninitialized Resource)
CVE: CVE-2018-7166
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
Version bounds: 10.0.0, 10.9.0
Update date: 2024-11-21 13:11
Published date: 2018-08-21
No: 88 | CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc(…
CWE: CWE-119 (Incorrect Access of Indexable Resource ('Range Error'))
CVE: CVE-2018-7167
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
Version bounds: 8.9.0, 9.0.0, 6.9.0, 8.11.3, 6.14.3, 9.11.2
Update date: 2024-11-21 13:11
Published date: 2018-06-14
No: 89 | CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the ne…
CWE: CWE-400 (Uncontrolled Resource Consumption)
CVE: CVE-2018-7164
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
Version bounds: 10.0.0, 9.7.0, 10.4.1, 9.11.2
Update date: 2024-11-21 13:11
Published date: 2018-06-14
No: 90 | CVSS3: 7.5 | CVSS2: 7.8 | Level: HIGH | Attack Vector: Network
Title: All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS se…
CWE: CWE-20 (Improper Input Validation)
CVE: CVE-2018-7162
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
Version bounds: 10.0.0, 9.0.0, 10.4.1, 9.11.2
Update date: 2024-11-21 13:11
Published date: 2018-06-14