382 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-44532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against...
Linux Distros Unpatched Vulnerability : CVE-2021-22939
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If the Node.js https API was used incorrectly and undefined was passed in for the rejectUnauthorized parameter, no error was returned and connections to servers...
Linux Distros Unpatched Vulnerability : CVE-2018-21270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number...
Linux Distros Unpatched Vulnerability : CVE-2024-21896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a...
MAL-2025-32926 Malicious code in selper (npm)
The package selper was found to contain malicious code...
MAL-2025-38466 Malicious code in vista-4gera-l3bm1-essence-project (npm)
The package vista-4gera-l3bm1-essence-project was found to contain malicious code...
MAL-2025-8565 Malicious code in @malware-test-coins-guess-felly-nerks/test-mlw3-coins-guess-felly-nerks (npm)
The package @malware-test-coins-guess-felly-nerks/test-mlw3-coins-guess-felly-nerks was found to contain malicious code...
MAL-2025-27668 Malicious code in node.js (npm)
The package node.js was found to contain malicious code...
MAL-2025-27679 Malicious code in nodejs-development-writable-celeste (npm)
The package nodejs-development-writable-celeste was found to contain malicious code...
MAL-2025-15661 Malicious code in biclique (npm)
The package biclique was found to contain malicious code...
SUSE CVE-2025-54798
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4...
Linux Distros Unpatched Vulnerability : CVE-2025-7339
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being...
tmp security vulnerability
tmp is a temporary file and directory creator for node.js by the individual developer KARASZI István. A security vulnerability exists in tmp 0.2.3 and earlier versions, which stems from a symbolic link parameter that could lead to arbitrary temporary file or directory writes...
HAXcms with nodejs backend security vulnerability
HAXcms with nodejs backend is an open source backend management system from HAX The Web. A security vulnerability exists in HAXcms with nodejs backend version 11.0.9 and earlier, which stems from hardcoding default credentials and JWT private keys, which could lead to unauthorized access...
SUSE CVE-2025-27210
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...
Node.js security vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A security vulnerability exists in Node.js version v24.x, which stems from an improper implementation of string hash computation and could lead to a hash collision attack...
DEBIAN-CVE-2025-50182
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...
AZL-69706 CVE-2025-5222 affecting package nodejs18 for versions less than 18.20.3-10
A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution...
nodejs: Node.js Worker Thread Exposure via Diagnostics Channel
A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created...
MAL-2025-745 Malicious code in nodejs-paypal-checkout-demo (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (909c8505097e7b62c38bde6c75bb0ba8516f566136ec093b913944bcbdd1130e). Any computer that has this package installed or running should be considered...