| CVE-2026-1527 | high | — | 8.0 | | | | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) |
| CVE-2026-1526 | high | — | 8.0 | | | | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) |
| CVE-2026-2229 | high | — | 8.0 | | | | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) |
| CVE-2026-1525 | high | — | 8.0 | | | | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) |
| CVE-2026-1528 | high | — | 8.0 | | | | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) |
| CVE-2026-2581 | high | — | 8.0 | | | | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) |
| CVE-2025-22150 | high | — | 8.0 | | | | 1y ago | RHSA-2025:1611: nodejs:22 security update (Important) |
| CVE-2023-45143 | high | — | 8.0 | | | | 3y ago | RHSA-2023:7205: nodejs:20 security update (Important) |
| CVE-2023-24807 | medium | — | 5.5 | | | | 3y ago | RHSA-2023:1583: nodejs:18 security, bug fix, and enhancement update (Moderate) |
| CVE-2023-23936 | medium | — | 5.5 | | | | 3y ago | RHSA-2023:1583: nodejs:18 security, bug fix, and enhancement update (Moderate) |
| CVE-2026-22036 | unknown | — | — | | | | 5mo ago | Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert tho… |
| CVE-2025-47279 | unknown | — | — | | | | 1y ago | Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server … |
| CVE-2024-38372 | unknown | — | — | | | | 2y ago | Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include a portion of memory from the N… |
| CVE-2024-30261 | unknown | — | — | | | | 2y ago | Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been… |
| CVE-2024-30260 | unknown | — | — | | | | 2y ago | Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnera… |
| CVE-2024-24758 | unknown | — | — | | | | 2y ago | Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue ha… |
| CVE-2024-24750 | unknown | — | — | | | | 2y ago | Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body (or consuming it very slowly) will lead to a memory lea… |
| CVE-2022-35948 | unknown | — | — | | | | 4y ago | undici is an HTTP/1.1 client, written from scratch for Node.js. `=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically… |
| CVE-2022-35949 | unknown | — | — | | | | 4y ago | undici is an HTTP/1.1 client, written from scratch for Node.js. `undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option… |
| CVE-2022-31151 | unknown | — | — | | | | 4y ago | Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users us… |
| CVE-2022-31150 | unknown | — | — | | | | 4y ago | undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0… |
| CVE-2022-32210 | unknown | — | — | | | | 4y ago | `Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and i… |