| Bug | jessie | stretch | buster | sid | Description |
|---|
| CVE-2019-5739 | vulnerable | vulnerable | fixed | fixed | Keep-alive HTTP and HTTPS connections can remain open and inactive for ... |
| CVE-2019-5737 | vulnerable | vulnerable | fixed | fixed | An attacker can cause a Denial of Service (DoS) by establishing an HTT ... |
| CVE-2018-7167 | vulnerable | vulnerable | fixed | fixed | Calling Buffer.fill() or Buffer.alloc() with some parameters can lead ... |
| CVE-2018-7159 | vulnerable | vulnerable | fixed | fixed | The HTTP parser in all current versions of Node.js ignores spaces in t ... |
| CVE-2018-7158 | vulnerable | vulnerable | fixed | fixed | The `'path'` module in the Node.js 4.x release line contains a potenti ... |
| CVE-2018-12123 | vulnerable | vulnerable | fixed | fixed | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ... |
| CVE-2018-12122 | vulnerable | vulnerable | fixed | fixed | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ... |
| CVE-2018-12121 | vulnerable | vulnerable | fixed | fixed | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ... |
| CVE-2018-12120 | vulnerable | vulnerable | fixed | fixed | Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 list ... |
| CVE-2018-12116 | vulnerable | vulnerable | fixed | fixed | Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request ... |
| CVE-2018-12115 | vulnerable | vulnerable | fixed | fixed | In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when use ... |
| CVE-2017-11499 | vulnerable | vulnerable | fixed | fixed | Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11. ... |
| CVE-2016-7099 | vulnerable | fixed | fixed | fixed | The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, ... |
| CVE-2016-5325 | vulnerable | fixed | fixed | fixed | CRLF injection vulnerability in the ServerResponse#writeHead function ... |
| CVE-2016-2216 | vulnerable | fixed | fixed | fixed | The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 ... |
| CVE-2016-2086 | vulnerable | fixed | fixed | fixed | Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0 ... |
| CVE-2016-1669 | vulnerable | fixed | fixed | fixed | The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as us ... |
| CVE-2014-9748 | vulnerable | fixed | fixed | fixed | |
| CVE-2014-5256 | vulnerable | fixed | fixed | fixed | Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider th ... |
| Bug | Description |
|---|
| CVE-2018-7166 | In all versions of Node.js 10 prior to 10.9.0, an argument processing ... |
| CVE-2018-7164 | Node.js versions 9.7.0 and later and 10.x are vulnerable and the sever ... |
| CVE-2018-7162 | All versions of Node.js 9.x and 10.x are vulnerable and the severity i ... |
| CVE-2018-7161 | All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the seve ... |
| CVE-2018-7160 | The Node.js inspector, in 6.x and later is vulnerable to a DNS rebindi ... |
| CVE-2017-15897 | Node.js had a bug in versions 8.X and 9.X which caused buffers to not ... |
| CVE-2017-15896 | Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards ... |
| CVE-2017-14919 | Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows r ... |
| CVE-2017-14849 | Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintende ... |
| CVE-2015-8027 | Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 d ... |
| CVE-2015-7384 | Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a den ... |
| CVE-2015-6764 | The BasicJsonStringifier::SerializeJSArray function in json-stringifie ... |
| CVE-2015-5380 | The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in ... |
| CVE-2013-4450 | The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8. ... |
| CVE-2012-2330 | The Update method in src/node_http_parser.cc in Node.js before 0.6.17 ... |