Software Detail
node.js
Number Of NVD 149 (CRITICAL 13, HIGH 91, MEDIUM 44, LOW 1)
URL https://nodejs.org/
Explanation Node.js releases a major version every 6 months.

Each version has one of the following statuses:

Current : Added features

Active LTS : New stable features, bug fixes, and other updates are made by the LTS team.

Maintenance LTS : New features are added, major bug fixes and security updates are made by the LTS team. New features will only be added if they can be migrated to subsequent versions.

Odd-numbered releases (9, 11, etc.) will be Current and will be supported by the developers for 6 months only.
Even-numbered releases (10, 12, etc.) will be released after support for odd-numbered releases expires, and will be supported as Current for 6 months by the developers.
After 6 months as Current, an even-numbered release moves to Active LTS for 12 months and becomes generally available.
After the end of Active LTS, the release moves to Maintenance LTS for 12 months.
Even-numbered releases are usually guaranteed to have critical bugs fixed for a total of 30 months.

Only Active LTS and Maintenance LTS versions of Node.js should be used in commercial products.
Tag
  • MIT License
  • JavaScript

Add Information URL
No Type Name URL
1 https://nodejs.org/en/blog/
2 https://nodejs.org/en/blog/release/
3 https://nodejs.org/en/about/releases/
4 https://github.com/nodejs/Release

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
41 Node.js 22 v22.6.0 Aug. 6, 2024 June 11, 2024 0 0 0 0
42 Node.js 21 21.7.3 April 10, 2024 Oct. 17, 2023 0 0 0 0
43 Node.js 20 20.14.0 May 28, 2024 April 19, 2023 2 12 3 0
44 Node.js 19 19.7.0 Feb. 21, 2023 Oct. 18, 2022 0 5 2 0
45 Node.js 18 (LTS) 18.15.0 March 7, 2023 April 19, 2022 Oct. 18, 2023 April 30, 2025 2 15 8 0
46 Node.js 17 17.9.1 June 2, 2022 Oct. 19, 2021 April 1, 2022 June 1, 2022 0 3 2 0
47 Node.js 16 (LTS) 16.19.1 Feb. 16, 2023 April 20, 2021 Oct. 18, 2022 April 30, 2024 4 16 12 0
48 Node.js 15 15.14.0 April 6, 2021 Oct. 20, 2020 June 1, 2021 1 6 3 0
49 Node.js 14 (LTS) 14.21.3 Feb. 16, 2023 April 21, 2020 Oct. 18, 2021 April 30, 2023 3 22 13 0
50 Node.js 13 13.14.0 April 30, 2020 Oct. 22, 2019 June 1, 2020 2 1 0 0
51 Node.js 12 (LTS) 12.22.12 April 5, 2022 April 23, 2019 Oct. 21, 2019 April 30, 2022 4 24 9 0
52 Node.js 11 11.15.0 April 30, 2019 Oct. 23, 2018 June 1, 2019 0 4 5 0
53 Node.js 10 (LTS) 10.24.1 April 6, 2021 April 24, 2018 May 18, 2020 April 30, 2021 2 28 10 0
54 Node.js 9 9.11.2 June 12, 2018 Oct. 1, 2017 June 30, 2018 1 8 4 1
55 Node.js 8 (LTS) 8.17.0 Dec. 17, 2019 May 30, 2017 Dec. 31, 2018 Dec. 31, 2019 1 23 9 1
56 Node.js 7 7.10.1 July 11, 2017 Oct. 25, 2016 June 30, 2017 2 7 4 0
57 Node.js 6 (LTS) 6.17.1 April 3, 2019 Oct. 18, 2016 April 29, 2018 April 30, 2019 4 24 16 0
58 Node.js 5 5.12.0 June 23, 2016 Oct. 29, 2015 June 30, 2016 1 16 8 0
59 Node.js 4 (LTS) 4.9.1 March 30, 2018 Sept. 8, 2015 March 30, 2017 April 30, 2018 April 1, 2017 6 25 13 0
60 Node.js 3.0 3.0.0 0 5 3 0
61 Node.js 2.0 2.0.2 0 5 3 0
62 Node.js 1 1.1.0 0 10 10 0
63 Node.js 0 0.0.6 2 22 16 0
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher / or less / more than / less than), Update date, Published date
No 41
CVSS3 7.5, CVSS2 5.0, Level HIGH, Attack Vector Network
Title: Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
CWE: CWE-416 Use After Free
CVE: CVE-2021-22940
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
  or higher: 12.0.0, 14.0.0, 16.0.0
  less than: 12.22.5, 14.17.5, 16.6.2
Update date: 2024-11-21 14:50
Published date: 2021-08-17
No 42
CVSS3 5.3, CVSS2 5.0, Level MEDIUM, Attack Vector Network
Title: If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would …
CWE: CWE-295 Improper Certificate Validation
CVE: CVE-2021-22939
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
  or higher: 12.0.0, 14.0.0, 16.0.0
  less than: 12.22.5, 14.17.5, 16.6.2
Update date: 2024-11-21 14:50
Published date: 2021-08-17
No 43
CVSS3 9.8, CVSS2 7.5, Level CRITICAL, Attack Vector Network
Title: Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js d…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2021-22931
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
  or higher: 12.13.0, 14.15.0, 16.0.0, 14.0.0, 12.0.0
  or less: 14.14.0, 12.12.0
  less than: 12.22.5, 14.17.5, 16.6.2
Update date: 2024-11-21 14:50
Published date: 2021-08-17
No 44
CVSS3 7.8, CVSS2 4.4, Level HIGH, Attack Vector Local
Title: Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions…
CWE: CWE-732 Incorrect Permission Assignment for Critical Resource
CVE: CVE-2021-22921
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
  or higher: 12.0.0, 14.0.0, 16.0.0
  less than: 12.22.2, 14.17.2, 16.4.1
Update date: 2024-11-21 14:50
Published date: 2021-07-12
No 45
CVSS3 5.3, CVSS2 5.0, Level MEDIUM, Attack Vector Network
Title: Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whethe…
CWE: CWE-125 Out-of-bounds Read
CVE: CVE-2021-22918
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
  or higher: 16.0.0, 14.0.0, 12.0.0
  less than: 16.4.1, 14.17.2, 12.22.2
Update date: 2024-11-21 14:50
Published date: 2021-07-12
No 46
CVSS3 7.4, CVSS2 5.8, Level HIGH, Attack Vector Network
Title: The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disal…
CWE: CWE-295 Improper Certificate Validation
CVE: CVE-2021-3450
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
  or higher: 15.0.0, 14.0.0, 12.0.0, 10.0.0
  less than: 15.14.0, 14.16.1, 12.22.1, 10.24.1
Update date: 2024-11-21 15:21
Published date: 2021-03-26
No 47
CVSS3 5.9, CVSS2 4.3, Level MEDIUM, Attack Vector Network
Title: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where i…
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2021-3449
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
  or higher: 14.15.0, 12.13.0, 10.13.0, 14.0.0, 10.0.0, 12.0.0, 15.0.0
  or less: 10.24.0, 14.14.0, 10.12.0, 12.12.0
  less than: 14.16.1, 12.22.1, 15.14.0
Update date: 2024-11-21 15:21
Published date: 2021-03-26
No 48
CVSS3 7.5, CVSS2 5.1, Level HIGH, Attack Vector Network
Title: Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordi…
CWE: NVD-CWE-Other
CVE: CVE-2021-22884
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
  or higher: 14.0.0, 12.0.0, 10.0.0, 15.0.0
  less than: 14.16.0, 12.21.0, 10.24.0, 15.10.0
Update date: 2024-11-21 14:50
Published date: 2021-03-4
No 49
CVSS3 7.5, CVSS2 7.8, Level HIGH, Attack Vector Network
Title: Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of …
CWE: CWE-772 Missing Release of Resource after Effective Lifetime
CVE: CVE-2021-22883
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
  or higher: 14.0.0, 12.0.0, 10.0.0, 15.0.0
  less than: 14.16.0, 12.21.0, 10.24.0, 15.10.0
Update date: 2024-11-21 14:50
Published date: 2021-03-4
No 50
CVSS3 7.5, CVSS2 5.0, Level HIGH, Attack Vector Network
Title: Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integ…
CWE: CWE-190 Integer Overflow or Wraparound
CVE: CVE-2021-23840
cpe23Uri: cpe:2.3:a:nodejs:node.js:14.15.0:*
cpe23Uri: cpe:2.3:a:nodejs:node.js:*:*
  or higher: 12.13.0, 10.13.0, 15.0.0, 14.0.0, 10.0.0, 12.0.0
  or less: 14.14.0, 10.12.0, 12.12.0
  less than: 12.21.0, 10.24.0, 15.10.0
Update date: 2024-11-21 14:51
Published date: 2021-02-17