nodejs (Ubuntu:22.04:LTS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Ubuntu:22.04:LTS package nodejs, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2024-36138 — CVSS 8.1 (high): Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via…
CVE-2024-21892 — CVSS 7.8 (high): On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running…
CVE-2023-39331 — CVSS 7.5 (high): A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability…
CVE-2024-22019 — CVSS 7.5 (high): A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to…
CVE-2025-23084 — CVSS 5.5 (medium): A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain…
CVE-2024-37372 — CVSS 3.6 (low): The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not…