Njs

This hub aggregates every CVE we track for Njs, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Networking Infrastructureon-premother

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH18CRITICAL15MEDIUM12

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Njs.

CVE-2026-8711NGINX JavaScript vulnerability8.1May 19, 2026
CVE-2023-27730Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.7.5Apr 9, 2023
CVE-2023-27729Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.7.5Apr 9, 2023
CVE-2023-27727Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.7.5Apr 9, 2023
CVE-2023-27728Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.7.5Apr 9, 2023
CVE-2020-19692Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.9.8Apr 4, 2023
CVE-2020-19695Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.9.8Apr 4, 2023
CVE-2022-43285Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted ...7.5Oct 28, 2022
CVE-2022-43286Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.9.8Oct 28, 2022
CVE-2022-43284Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does no...7.5Oct 28, 2022
CVE-2022-38890Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h5.5Sep 15, 2022
CVE-2022-35173An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.7.5Aug 18, 2022
CVE-2022-34032Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.7.5Jul 18, 2022
CVE-2022-34031Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h.7.5Jul 18, 2022
CVE-2022-34030Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c.7.5Jul 18, 2022

Product normalization is registry-driven with AI assist and human review. How it works