diff --git a/vuln/core/131.json b/vuln/core/131.json
new file mode 100644
index 00000000..69e9c896
--- /dev/null
+++ b/vuln/core/131.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2023-46809"],
+  "vulnerable": "18.x || 20.x || 21.x",
+  "patched": "^18.19.1 || ^20.11.1 || ^21.6.2",
+  "ref": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/",
+  "overview": "A vulnerability in the privateDecrypt() API of the crypto library, allowed a covert timing side-channel during PKCS#1 v1.5 padding error handling.",
+  "affectedEnvironments": ["all"]
+}
diff --git a/vuln/core/132.json b/vuln/core/132.json
new file mode 100644
index 00000000..876c4929
--- /dev/null
+++ b/vuln/core/132.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2024-21891"],
+  "vulnerable": "20.x || 21.x",
+  "patched": "^20.11.1 || ^21.6.2",
+  "ref": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/",
+  "overview": "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.",
+  "affectedEnvironments": ["all"]
+}
diff --git a/vuln/core/133.json b/vuln/core/133.json
new file mode 100644
index 00000000..577633d8
--- /dev/null
+++ b/vuln/core/133.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2024-21890"],
+  "vulnerable": "20.x || 21.x",
+  "patched": "^20.11.1 || ^21.6.2",
+  "ref": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/",
+  "overview": "Improper handling of wildcards in --allow-fs-read and --allow-fs-write",
+  "affectedEnvironments": ["all"]
+}
diff --git a/vuln/core/134.json b/vuln/core/134.json
new file mode 100644
index 00000000..77db40ce
--- /dev/null
+++ b/vuln/core/134.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2024-21892"],
+  "vulnerable": "18.x || 20.x || 21.x",
+  "patched": "^18.19.1 || ^20.11.1 || ^21.6.2",
+  "ref": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/",
+  "overview": "Code injection and privilege escalation through Linux capabilities",
+  "affectedEnvironments": ["all"]
+}
diff --git a/vuln/core/135.json b/vuln/core/135.json
new file mode 100644
index 00000000..b96311df
--- /dev/null
+++ b/vuln/core/135.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2024-22019"],
+  "vulnerable": "18.x || 20.x || 21.x",
+  "patched": "^18.19.1 || ^20.11.1 || ^21.6.2",
+  "ref": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/",
+  "overview": "A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS).",
+  "affectedEnvironments": ["all"]
+}
diff --git a/vuln/core/136.json b/vuln/core/136.json
new file mode 100644
index 00000000..c294da7c
--- /dev/null
+++ b/vuln/core/136.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2024-21896"],
+  "vulnerable": "20.x || 21.x",
+  "patched": "^20.11.1 || ^21.6.2",
+  "ref": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/",
+  "overview": "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve().",
+  "affectedEnvironments": ["all"]
+}
diff --git a/vuln/core/137.json b/vuln/core/137.json
new file mode 100644
index 00000000..23119168
--- /dev/null
+++ b/vuln/core/137.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2024-22017"],
+  "vulnerable": "20.x || 21.x",
+  "patched": "^20.11.1 || ^21.6.2",
+  "ref": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/",
+  "overview": "setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid()",
+  "affectedEnvironments": ["all"]
+}
diff --git a/vuln/core/138.json b/vuln/core/138.json
new file mode 100644
index 00000000..733d8ed7
--- /dev/null
+++ b/vuln/core/138.json
@@ -0,0 +1,8 @@
+{
+  "cve": ["CVE-2024-22025"],
+  "vulnerable": "18.x || 20.x || 21.x",
+  "patched": "^18.19.1 || ^20.11.1 || ^21.6.2",
+  "ref": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/",
+  "overview": "A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL.",
+  "affectedEnvironments": ["all"]
+}