nodeca CVE Vulnerabilities & Metrics

Focus on nodeca vulnerabilities and metrics.

Last updated: 03 Dec 2025, 23:25 UTC

About nodeca Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with nodeca. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total nodeca CVEs: 1
Earliest CVE date: 28 Jun 2013, 14:55 UTC
Latest CVE date: 13 Nov 2025, 16:15 UTC

Latest CVE reference: CVE-2025-64718

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical nodeca CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.4

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS nodeca CVEs

These are the five CVEs with the highest CVSS scores for nodeca, sorted by severity first and recency.

CVE-2013-4660 nodeca Published on 28 Jun 2013, 14:55 UTC (CVSS: 6.8)
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
CVE-2025-64718 nodeca Published on 13 Nov 2025, 16:15 UTC (CVSS: 0)
js-yaml is a JavaScript YAML parser and dumper. In js-yaml 4.1.0 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1. Users can protect against this kind of attack on the server by using `node --disable-...

All CVEs for nodeca

CVE-2025-64718 nodeca vulnerability CVSS: 0 13 Nov 2025, 16:15 UTC

js-yaml is a JavaScript YAML parser and dumper. In js-yaml 4.1.0 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).

CVE-2013-4660 nodeca vulnerability CVSS: 6.8 28 Jun 2013, 14:55 UTC

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.