Common Security Threats in Node.js

Node.js is an open-source, server-side JavaScript runtime for building scalable, high-performance web applications. Its popularity has also made it an attractive target for attackers, so it is essential to understand the common security threats that Node.js applications face and how to mitigate them.

Here are some of the common security threats that Node.js applications may face:

  1. Cross-site scripting (XSS): The attacker injects malicious script into web pages viewed by other users, and that script can then steal sensitive information such as login credentials or session cookies. To prevent XSS, sanitize and validate user input before it is rendered.
  2. Injection attacks: The attacker places malicious code or SQL fragments into input fields so that they are interpreted by the backend database or interpreter. To prevent injection, use parameterized queries together with input validation and sanitization.
  3. Cross-site request forgery (CSRF): The attacker causes an authenticated user's browser to send requests the user never intended, riding on that user's session. To prevent CSRF, include random tokens in form submissions, limit session lifetime, and mark session cookies HttpOnly.
  4. Denial of service (DoS): The attacker overwhelms the server with a very large number of requests so that it becomes unavailable to legitimate users. To reduce the impact of DoS, implement rate limiters, monitor server load, and set limits on request size and volume.

Overall, implementing these security measures is crucial to protecting Node.js applications from the common threats above. It is equally important to stay informed about new security developments and to maintain a proactive attitude towards security.

March 25, 2023