[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frjb9cFoxRGi8mwJgmVHe3hRK39cC8KPnqXVwSALUx70":3},{"product":4,"cycleMajor":14,"releases":15,"cves":25,"nextMajor":42},{"id":5,"slug":6,"name":7,"category":8,"vendor":9,"description":10,"logo_url":11,"official_url":9,"synced_at":12,"created_at":13},"36752f1b-49ae-4055-8ef8-ab933f8f2804","nodejs","Node.js","language",null,"Developers rely on a robust and versatile runtime environment to execute JavaScript code outside the browser, which is where Node.js comes into play. Created to provide a cross-platform, open-source solution, Node.js has been a staple in the development community since its inception. The Node.js project is maintained by the Node.js Foundation, ensuring the continued growth and support of this widely-used language. With its ability to run on various operating systems, including Windows, Linux, Unix, and macOS, Node.js has become an essential tool for developers seeking to build scalable and high-performance applications.\n\nThe end-of-life landscape for Node.js is a critical aspect for developers to stay on top of, with a total of 26 versions released to date. Currently, 23 of these versions have reached their end-of-life, leaving only 3 active versions still receiving support. The latest stable version, 22.22.3, is among the active ones, but its time is limited, as version 22 is slated to expire on 2027-04-30. This follows the recent end-of-life date of version 25, which occurred on 2026-06-01. Staying informed about these expirations is crucial for developers to plan their projects and migrations accordingly.\n\nThe security of Node.js is also a key concern, with a total of 38 CVEs tracked to date. Of these, 5 are considered critical, highlighting the potential risks associated with using outdated or vulnerable versions. Notably, version 24 is the most affected, with 6 CVEs reported. To mitigate these risks, developers should prioritize keeping their Node.js environment up to date, ideally running the latest stable version. By doing so, they can ensure they have the latest security patches and features, reducing the likelihood of exploits and maintaining the integrity of their applications.","https:\u002F\u002Fcdn.simpleicons.org\u002Fnodedotjs","2026-06-14T02:03:06.852+00:00","2026-05-30T16:23:55.904463+00:00","19",[16],{"id":17,"product_id":5,"cycle":14,"release_date":18,"eol":19,"eol_boolean":9,"latest":20,"latest_release_date":21,"lts":22,"support":23,"created_at":24},"7e9c999d-2504-4dd1-b3a1-7750b6bc9117","2022-10-18","2023-06-01","19.9.0","2023-04-10",false,"2023-04-01","2026-05-30T16:28:22.141504+00:00",[26,34],{"cveId":27,"releaseId":17,"cycle":14,"description":28,"severity":29,"cvssScore":30,"epssScore":31,"inKev":22,"publishedAt":32,"url":33},"CVE-2026-21637","A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client ca","HIGH",7.5,0.00033,"2026-01-20T21:16:05.95+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2026-21637",{"cveId":35,"releaseId":17,"cycle":14,"description":36,"severity":37,"cvssScore":38,"epssScore":39,"inKev":22,"publishedAt":40,"url":41},"CVE-2024-3566","A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.","CRITICAL",9.8,0.10549,"2024-04-10T16:15:16.083+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2024-3566","20"]