CVE security advisories and vulnerability history for Node by NodeJS.
152
Total CVEs
Published
0
In CISA KEV
Exploited in the wild
13
Public exploits
With known exploit
6.6
Avg CVSS
2016–2026
Last updated
Overview
NodeJS Node has 152 published CVE records since 2016, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 13 have a known public exploit. The average CVSS base score across scored CVEs is 6.6.
This page aggregates every publicly disclosed vulnerability (CVE) affecting NodeJS Node, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
Severity and exploitation
How the CVSS severity of NodeJS Node's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
Critical3
High34
Medium24
Low7
84 additional CVEs have no CVSS severity score.
In CISA’s Known Exploited Vulnerabilities catalog
0
None of NodeJS Node's CVEs are currently listed in CISA's KEV catalog.
Public exploits
13
13 of NodeJS Node's CVEs have a known public exploit available.
Affected versions and CVEs
Browse every NodeJS Node version named in a CVE, then pick one to see only the CVEs that affect it.
Common questions about NodeJS Node vulnerabilities.
How many CVEs does NodeJS Node have?
NodeJS Node has 152 published CVE records since 2016.
How many NodeJS Node CVEs are in CISA KEV?
None of NodeJS Node's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Are there public exploits for NodeJS Node vulnerabilities?
Yes — 13 of NodeJS Node's CVEs have a known public exploit.
Which versions of NodeJS Node are affected?
1,830 distinct NodeJS Node versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
What are the most common weakness types in NodeJS Node CVEs?
NodeJS Node's CVEs most often map to these CWE weakness types: CWE-444 (Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')), CWE-400 (Uncontrolled Resource Consumption), CWE-284 (Improper Access Control), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).
How many critical NodeJS Node vulnerabilities are there?
NodeJS Node has 3 critical and 34 high-severity CVEs.
What is the average severity of NodeJS Node CVEs?
The average CVSS base score across NodeJS Node's scored CVEs is 6.6.
