CVE-2025-23167 | AVG-2873 | Medium | Yes | Access restriction bypass | A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables... |
CVE-2025-23166 | AVG-2873 | High | Yes | Denial of service | Improper error handling in async cryptographic operations crashes process. The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException()... |
CVE-2025-23165 | AVG-2873 | Low | Yes | Denial of service | Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string. In Node.js, the ReadFileUtf8 internal... |
CVE-2024-27983 | AVG-2853 | High | Yes | Denial of service | An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It... |
CVE-2024-27982 | AVG-2853 | Medium | Yes | Insufficient validation | The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling.... |