nodejs
CVE Numbering Authority
Latest CVE published
Overview
nodejs is a CVE Numbering Authority that has published 18 CVE records since 2017. It is currently classified as inactive, with 0 CVEs published in the last two years. Its CVE data quality is graded D (66.7% overall completeness).
Among the 370 CNAs tracked here, nodejs ranks #254 by CVE volume and reports more complete records than 18% of all CNAs.
Data quality report card
How complete and consistent nodejs's CVE records are, scored across vendor, product, CVSS, and CWE coverage.
A CVE record only requires a description to be published. “Completeness” measures how often nodejs also fills in the optional — but extremely useful — fields that make a vulnerability actually actionable: the affected vendor and product, a CVSS severity score, and a CWE weakness type. A higher score means more of this CNA’s CVEs include those details, so defenders spend less time enriching records by hand.
Report card grade
66.7%
Overall score
What these scores mean
- Vendor completeness
- The share of this CNA's CVEs that name an affected vendor.
- Product completeness
- The share that name a specific affected product.
- CVSS completeness
- The share that include a CVSS severity score.
- CWE completeness
- The share mapped to a CWE weakness type.
- Update rate
- How often this CNA revises CVE records after first publishing them.
- Vendor diversity
- How many distinct vendors this CNA publishes CVEs for.
Severity and exploitation
How the CVSS severity of nodejs's published CVEs breaks down, and how many are known to be exploited in the wild.
In CISA’s Known Exploited Vulnerabilities catalog
0
None of nodejs's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Common weakness types
The CWE weakness categories nodejs most often assigns to its CVEs. Follow any weakness to its full explanation.
- CWE-400Uncontrolled Resource Consumption4 CVEs
- CWE-115Misinterpretation of Input3 CVEs
- CWE-226Sensitive Information in Resource Not Removed Before Reuse1 CVE
- CWE-419Unprotected Primary Channel1 CVE
- CWE-787Out-of-bounds Write1 CVE
- CWE-350Reliance on Reverse DNS Resolution for a Security-Critical Action1 CVE
- CWE-185Incorrect Regular Expression1 CVE
Publishing activity by year
How many CVEs nodejs has published each year.
Top vendors
The vendors nodejs publishes the most CVEs for.
- Node.js18 CVEs
- Node.js18 CVEs
- openSUSE2 CVEs
- Red Hat2 CVEs
- SUSE2 CVEs
Top products
The products nodejs publishes the most CVEs for.
- node18 CVEs
- Node.js18 CVEs
- suse openstack cloud2 CVEs
- leap2 CVEs
- suse enterprise storage2 CVEs
- suse linux enterprise server2 CVEs
- enterprise linux workstation1 CVEs
- enterprise linux1 CVEs
Latest CVEs
The most recent CVEs assigned by nodejs.
- CVE-2019-5739CWE-400High · CVSS 7.5EPSS 5.1%2019-03-28
- CVE-2019-5737CWE-400High · CVSS 7.5EPSS 16.2%2019-03-28
- CVE-2018-12122CWE-400High · CVSS 7.5EPSS 41.3%2018-11-28
- CVE-2018-12121CWE-400High · CVSS 7.5EPSS 10.2%2018-11-28
- CVE-2018-12116CWE-115High · CVSS 7.5EPSS 4.6%2018-11-28
- CVE-2018-12120CWE-419High · CVSS 8.1EPSS 4.3%2018-11-28
- CVE-2018-12123CWE-115Medium · CVSS 4.3EPSS 4.0%2018-11-28
- CVE-2018-12115CWE-787High · CVSS 7.5EPSS 8.0%2018-08-21
- CVE-2018-7166CWE-226High · CVSS 7.5EPSS 3.2%2018-08-21
- CVE-2018-7162High · CVSS 7.5EPSS 7.0%2018-06-13
- CVE-2018-7164High · CVSS 7.5EPSS 6.4%2018-06-13
- CVE-2018-7161High · CVSS 7.5EPSS 7.9%2018-06-13
Track new nodejs CVEs as they are published and get AI-written analysis and remediation guidance.
Monitor nodejs CVEsOther CNAs
Compare data quality across other CVE Numbering Authorities.
Frequently asked questions
Common questions about the nodejs CNA.
- What is the nodejs CNA?
- nodejs is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 18 CVE records since 2017.
- How many CVEs has nodejs published?
- nodejs has published 18 CVE records, including 0 in the last two years.
- What is nodejs's CVE data quality grade?
- RadicalNotion.AI grades nodejs's CVE data quality as D, with an overall completeness score of 66.7%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (0%), and CWE (66.7%) information.
- What products does nodejs publish CVEs for?
- nodejs most frequently publishes CVEs for node, Node.js, suse openstack cloud, leap, suse enterprise storage.
- Which vendors does nodejs cover?
- nodejs publishes CVEs across 2 distinct vendors, most often Node.js, Node.js, openSUSE, Red Hat, SUSE.
- Is nodejs actively publishing CVEs?
- nodejs is currently inactive (has not published recently), based on 0 CVEs in the last two years.
- How many critical CVEs has nodejs published?
- nodejs has published 1 critical-severity CVEs and 14 high-severity CVEs.
- Are any of nodejs's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- No. None of nodejs's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- What are the most common weakness types in nodejs's CVEs?
- nodejs's CVEs most often map to these CWE weakness types: CWE-400 (Uncontrolled Resource Consumption), CWE-115 (Misinterpretation of Input), CWE-226 (Sensitive Information in Resource Not Removed Before Reuse), CWE-419 (Unprotected Primary Channel).
- How does nodejs rank among CNAs?
- By total CVE volume, nodejs ranks #254 of 370 CNAs, and it reports more complete CVE records than 18% of all CNAs.
References
- Official CVE.org list of CNA partners (opens in a new tab)
- Learn: What is a CNA?
- CWE directory: the weakness types this CNA maps its CVEs to
CNA report-card grades are computed by RadicalNotion.AI from published CVE records. CVE data is sourced from the CVE Program.
Track nodejs CVEs
Monitor new vulnerabilities as this CNA publishes them, with AI-written analysis and remediation guidance.