Max CVSS 9.3 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-8172 5.8
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
12-05-2022 - 15:01 08-06-2020 - 14:15
CVE-2020-8174 9.3
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
12-05-2022 - 15:01 24-07-2020 - 22:15
CVE-2020-8277 5.0
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number
10-05-2022 - 15:25 19-11-2020 - 01:15
CVE-2020-8287 6.4
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This c
06-04-2022 - 16:27 06-01-2021 - 21:15
CVE-2020-8265 6.8
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap
06-04-2022 - 16:26 06-01-2021 - 21:15
CVE-2020-15095 1.9
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and
11-01-2021 - 11:15 07-07-2020 - 19:15
CVE-2020-8251 5.0
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
11-01-2021 - 11:15 18-09-2020 - 21:15
CVE-2020-8201 5.8
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multit
11-01-2021 - 11:15 18-09-2020 - 21:15
CVE-2020-8251 5.0
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
29-09-2020 - 18:31 18-09-2020 - 21:15
CVE-2020-8201 6.4
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multit
29-09-2020 - 18:28 18-09-2020 - 21:15
Back to Top Mark selected
Back to Top