diff --git a/vuln/core/125.json b/vuln/core/125.json
new file mode 100644
index 00000000..8b8cbecb
--- /dev/null
+++ b/vuln/core/125.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2023-45143"],
+  "vulnerable": "18.x || 20.x",
+  "patched": "^18.18.2 || ^20.8.1",
+  "ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
+  "overview": "Cookie headers are not cleared in cross-domain redirect in undici-fetch (High)",
+  "affectedEnvironments": ["all"]
+}
diff --git a/vuln/core/126.json b/vuln/core/126.json
new file mode 100644
index 00000000..327aec86
--- /dev/null
+++ b/vuln/core/126.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2023-44487"],
+  "vulnerable": "18.x || 20.x",
+  "patched": "^18.18.2 || ^20.8.1",
+  "ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
+  "overview": "Rapidly creating and cancelling streams (HEADERS frame immediately followed by RST_STREAM) without bound causes denial of service (High)",
+  "affectedEnvironments": ["all"]
+}
diff --git a/vuln/core/127.json b/vuln/core/127.json
new file mode 100644
index 00000000..82951518
--- /dev/null
+++ b/vuln/core/127.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2023-39331"],
+  "vulnerable": "20.x",
+  "patched": "^20.8.1",
+  "ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
+  "overview": "A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently. The implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations (High)",
+  "affectedEnvironments": ["all"]
+}
diff --git a/vuln/core/128.json b/vuln/core/128.json
new file mode 100644
index 00000000..9d09ebde
--- /dev/null
+++ b/vuln/core/128.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2023-39332"],
+  "vulnerable": "20.x",
+  "patched": "^20.8.1",
+  "ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
+  "overview": "Path traversal through path stored in Uint8Array (High)",
+  "affectedEnvironments": ["all"]
+}
diff --git a/vuln/core/129.json b/vuln/core/129.json
new file mode 100644
index 00000000..c7e84c6b
--- /dev/null
+++ b/vuln/core/129.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2023-38552"],
+  "vulnerable": "18.x || 20.x",
+  "patched": "^18.18.2 || ^20.8.1",
+  "ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
+  "overview": "Integrity checks according to experimental policies can be circumvented (Medium)",
+  "affectedEnvironments": ["all"]
+}
diff --git a/vuln/core/130.json b/vuln/core/130.json
new file mode 100644
index 00000000..98099d8d
--- /dev/null
+++ b/vuln/core/130.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2023-39333"],
+  "vulnerable": "18.x || 20.x",
+  "patched": "^18.18.2 || ^20.8.1",
+  "ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
+  "overview": "Code injection via WebAssembly export names (Low)",
+  "affectedEnvironments": ["all"]
+}
diff --git a/vuln/core/index.json b/vuln/core/index.json
index af398008..7b67b815 100644
--- a/vuln/core/index.json
+++ b/vuln/core/index.json
@@ -1546,5 +1546,77 @@
     "affectedEnvironments": [
       "all"
     ]
+  },
+  "125": {
+    "cve": [
+      "CVE-2023-45143"
+    ],
+    "vulnerable": "18.x || 20.x",
+    "patched": "^18.18.2 || ^20.8.1",
+    "ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
+    "overview": "Cookie headers are not cleared in cross-domain redirect in undici-fetch (High)",
+    "affectedEnvironments": [
+      "all"
+    ]
+  },
+  "126": {
+    "cve": [
+      "CVE-2023-44487"
+    ],
+    "vulnerable": "18.x || 20.x",
+    "patched": "^18.18.2 || ^20.8.1",
+    "ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
+    "overview": "Rapidly creating and cancelling streams (HEADERS frame immediately followed by RST_STREAM) without bound causes denial of service (High)",
+    "affectedEnvironments": [
+      "all"
+    ]
+  },
+  "127": {
+    "cve": [
+      "CVE-2023-39331"
+    ],
+    "vulnerable": "20.x",
+    "patched": "^20.8.1",
+    "ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
+    "overview": "A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently. The implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations (High)",
+    "affectedEnvironments": [
+      "all"
+    ]
+  },
+  "128": {
+    "cve": [
+      "CVE-2023-39332"
+    ],
+    "vulnerable": "20.x",
+    "patched": "^20.8.1",
+    "ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
+    "overview": "Path traversal through path stored in Uint8Array (High)",
+    "affectedEnvironments": [
+      "all"
+    ]
+  },
+  "129": {
+    "cve": [
+      "CVE-2023-38552"
+    ],
+    "vulnerable": "18.x || 20.x",
+    "patched": "^18.18.2 || ^20.8.1",
+    "ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
+    "overview": "Integrity checks according to experimental policies can be circumvented (Medium)",
+    "affectedEnvironments": [
+      "all"
+    ]
+  },
+  "130": {
+    "cve": [
+      "CVE-2023-39333"
+    ],
+    "vulnerable": "18.x || 20.x",
+    "patched": "^18.18.2 || ^20.8.1",
+    "ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
+    "overview": "Code injection via WebAssembly export names (Low)",
+    "affectedEnvironments": [
+      "all"
+    ]
   }
 }
\ No newline at end of file