CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.