NGINX Njs
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in NGINX Njs.
By the Year
In 2025 there have been 0 vulnerabilities in NGINX Njs. Njs did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 9.80 |
| 2022 | 8 | 7.61 |
| 2021 | 0 | 0.00 |
| 2020 | 4 | 6.08 |
| 2019 | 8 | 9.10 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Njs vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NGINX Njs Security Vulnerabilities
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92
CVE-2020-19692
9.8 - Critical
- April 04, 2023
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.
Classic Buffer Overflow
Buffer Overflow found in Nginx NJS
CVE-2020-19695
9.8 - Critical
- April 04, 2023
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.
Classic Buffer Overflow
An issue was discovered in Nginx NJS v0.7.5
CVE-2022-35173
7.5 - High
- August 18, 2022
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.
Improper Check for Unusual or Exceptional Conditions
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.
CVE-2022-30503
5.5 - Medium
- June 02, 2022
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
CVE-2022-29779
5.5 - Medium
- June 02, 2022
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.
CVE-2022-29780
5.5 - Medium
- June 02, 2022
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.
njs through 0.7.0
CVE-2022-25139
9.8 - Critical
- February 14, 2022
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.
Dangling pointer
njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access
CVE-2021-46461
9.8 - Critical
- February 14, 2022
njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.
Buffer Overflow
njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation
CVE-2021-46462
7.5 - High
- February 14, 2022
njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.
njs through 0.7.1
CVE-2021-46463
9.8 - Critical
- February 14, 2022
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().
Object Type Confusion
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c
CVE-2020-24349
5.5 - Medium
- August 13, 2020
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
Dangling pointer
njs through 0.4.3
CVE-2020-24348
5.5 - Medium
- August 13, 2020
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
Out-of-bounds Read
njs through 0.4.3
CVE-2020-24347
5.5 - Medium
- August 13, 2020
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
Out-of-bounds Read
njs through 0.4.3
CVE-2020-24346
7.8 - High
- August 13, 2020
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
Dangling pointer
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call
CVE-2019-13617
6.5 - Medium
- July 16, 2019
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.
Out-of-bounds Read
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c
CVE-2019-13067
9.8 - Critical
- June 30, 2019
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.
Out-of-bounds Read
njs through 0.3.1
CVE-2019-12208
9.8 - Critical
- May 20, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
Memory Corruption
njs through 0.3.1
CVE-2019-12207
9.8 - Critical
- May 20, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
Out-of-bounds Read
njs through 0.3.1
CVE-2019-12206
9.8 - Critical
- May 20, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
Memory Corruption
njs through 0.3.1
CVE-2019-11837
7.5 - High
- May 09, 2019
njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.
Numeric Errors
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c
CVE-2019-11839
9.8 - Critical
- May 09, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.
Memory Corruption
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c
CVE-2019-11838
9.8 - Critical
- May 09, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.
Memory Corruption
