Every CVE whose affected-product data names F5 Njs, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (40)
CVE-2021-46463 — CVSS 9.8 (critical): njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in…
CVE-2022-27007 — CVSS 9.8 (critical): nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved…
CVE-2019-11839 — CVSS 9.8 (critical): njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to…
CVE-2019-12208 — CVSS 9.8 (critical): njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
CVE-2019-13067 — CVSS 9.8 (critical): njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for…
CVE-2022-29379 — CVSS 9.8 (critical): Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE…
CVE-2019-11838 — CVSS 9.8 (critical): njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to…
CVE-2020-19692 — CVSS 9.8 (critical): Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the…
CVE-2020-19695 — CVSS 9.8 (critical): Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the…
CVE-2022-43286 — CVSS 9.8 (critical): Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_c…
CVE-2026-8711 — CVSS 8.1 (high): NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable…
CVE-2020-24346 — CVSS 7.8 (high): njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
CVE-2022-29369 — CVSS 7.5 (high): Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.
CVE-2021-46462 — CVSS 7.5 (high): njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.
CVE-2022-27008 — CVSS 7.5 (high): nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast…
CVE-2022-34030 — CVSS 7.5 (high): Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c.
CVE-2022-34031 — CVSS 7.5 (high): Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h.
CVE-2022-34032 — CVSS 7.5 (high): Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
CVE-2022-43284 — CVSS 7.5 (high): Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor…
CVE-2022-43285 — CVSS 7.5 (high): Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance…
CVE-2023-27727 — CVSS 7.5 (high): Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.
CVE-2023-27728 — CVSS 7.5 (high): Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.
CVE-2023-27729 — CVSS 7.5 (high): Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.
CVE-2023-27730 — CVSS 7.5 (high): Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.
CVE-2019-11837 — CVSS 7.5 (high): njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in…
CVE-2022-34027 — CVSS 7.5 (high): Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c.
CVE-2022-34028 — CVSS 7.5 (high): Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h.
CVE-2019-13617 — CVSS 6.5 (medium): njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as…
CVE-2022-38890 — CVSS 5.5 (medium): Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h
CVE-2020-24349 — CVSS 5.5 (medium): njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to…
CVE-2022-31306 — CVSS 5.5 (medium): Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.
CVE-2022-31307 — CVSS 5.5 (medium): Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.
CVE-2022-32414 — CVSS 5.5 (medium): Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.
CVE-2020-24347 — CVSS 5.5 (medium): njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
CVE-2022-28049 — CVSS 5.5 (medium): NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
CVE-2020-24348 — CVSS 5.5 (medium): njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.