| Bug | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|
| CVE-2026-22036 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, ... |
| CVE-2026-2581 | fixed | vulnerable | vulnerable | vulnerable | This is an uncontrolled resource consumption vulnerability (CWE-400) t ... |
| CVE-2026-2229 | vulnerable | vulnerable | vulnerable | vulnerable | Impact: The undici WebSocket client is vulnerable to a denial-of-service ... |
| CVE-2026-1528 | vulnerable | vulnerable | vulnerable | vulnerable | Impact: A server can reply with a WebSocket frame using the 64-bit lengt ... |
| CVE-2026-1527 | vulnerable | vulnerable | vulnerable | vulnerable | Impact: When an application passes user-controlled input to the upgrade op ... |
| CVE-2026-1526 | vulnerable | vulnerable | vulnerable | vulnerable | The undici WebSocket client is vulnerable to a denial-of-service attac ... |
| CVE-2026-1525 | vulnerable | vulnerable | vulnerable | vulnerable | Undici allows duplicate HTTP Content-Length headers when they are provid ... |
| CVE-2025-47279 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6. ... |
| CVE-2025-23167 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | A flaw in Node.js 20's HTTP parser allows improper termination of HTTP ... |
| CVE-2025-22150 | vulnerable (no DSA) | fixed | fixed | fixed | Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to v ... |
| CVE-2024-30261 | vulnerable (no DSA) | fixed | fixed | fixed | Undici is an HTTP/1.1 client, written from scratch for Node.js. An att ... |
| CVE-2024-30260 | vulnerable (no DSA) | fixed | fixed | fixed | Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici ... |
| CVE-2024-24758 | vulnerable (no DSA) | fixed | fixed | fixed | Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici ... |

| Bug | Description |
|---|---|
| CVE-2024-38372 | Undici is an HTTP/1.1 client, written from scratch for Node.js. Depend ... |
| CVE-2024-24750 | Undici is an HTTP/1.1 client, written from scratch for Node.js. In aff ... |
| CVE-2023-45143 | Undici is an HTTP/1.1 client written from scratch for Node.js. Prior t ... |
| CVE-2023-24807 | Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the ... |
| CVE-2023-23936 | Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 ... |
| CVE-2022-35949 | undici is an HTTP/1.1 client, written from scratch for Node.js. `undici ... |
| CVE-2022-35948 | undici is an HTTP/1.1 client, written from scratch for Node.js. `=< und ... |
| CVE-2022-32210 | `Undici.ProxyAgent` never verifies the remote server's certificate, an ... |
| CVE-2022-31151 | Authorization headers are cleared on cross-origin redirect. However, c ... |
| CVE-2022-31150 | undici is an HTTP/1.1 client, written from scratch for Node.js. It is ... |