Vulnerabilities

05 May 22 OpenSSL update assessment, and Node.js project plans
18 Mar 22 OpenSSL security releases require Node.js security releases
11 Jan 22 January 10th 2022 Security Releases
12 Oct 21 October 12th 2021 Security Releases
31 Aug 21 August 31 2021 Security Releases
11 Aug 21 August 2021 Security Releases
29 Jul 21 July 2021 Security Releases
01 Jul 21 July 2021 Security Releases
06 Apr 21 April 2021 Security Releases
23 Feb 21 February 2021 Security Releases
04 Jan 21 January 2021 Security Releases
16 Nov 20 November 2020 Security Releases
15 Sep 20 September 2020 Security Releases
02 Jun 20 June 2020 Security Releases
21 Apr 20 OpenSSL security releases do not require Node.js security releases
06 Feb 20 February 2020 Security Releases
18 Dec 19 December 2019 Security Releases
12 Sep 19 OpenSSL security releases do not require Node.js security releases
05 Sep 19 OpenSSL security releases may require Node.js security releases
16 Aug 19 August 2019 Security Releases
28 Feb 19 February 2019 Security Releases
28 Nov 18 November 2018 Security Releases
11 Aug 18 August 2018 Security Releases
12 Jun 18 June 2018 Security Releases
21 Mar 18 March 2018 Security Releases
08 Jan 18 Meltdown and Spectre - Impact On Node.js
08 Dec 17 Data Confidentiality/Integrity Vulnerability, December 2017
30 Oct 17 OpenSSL update, 1.0.2m
24 Oct 17 DOS security vulnerability, October 2017
29 Sep 17 Path validation vulnerability, September 2017
11 Jul 17 Security updates for all active release lines, July 2017
27 Jan 17 OpenSSL update, 1.0.2k
15 Oct 16 October security releases and v6 LTS "Boron" security inclusions
23 Sep 16 Security updates for all active release lines, September 2016
13 Jun 16 Security updates for all active release lines, June 2016
02 May 16 OpenSSL updates, 1.0.1t and 1.0.2h
31 Mar 16 npm security updates v2.15.1 and v3.8.3
29 Feb 16 OpenSSL updates, 1.0.2g and 1.0.1s
09 Feb 16 February 2016 Security Release Summary
27 Jan 16 OpenSSL upgrade low-severity Node.js security fixes
04 Dec 15 December Security Release Summary
01 Dec 15 December Security Release Schedule Update
25 Nov 15 CVE-2015-8027 Denial of Service Vulnerability / CVE-2015-6764 V8 Out-of-bounds Access Vulnerability
31 Jul 14 V8 Memory Corruption and Stack Overflow (fixed in Node v0.8.28 and v0.10.30)
16 Jun 14 OpenSSL and Breaking UTF-8 Change (fixed in Node v0.8.27 and v0.10.29)
22 Oct 13 DoS Vulnerability (fixed in Node v0.8.26 and v0.10.21)
07 May 12 HTTP Server Security Vulnerability: Please upgrade to 0.6.17