[SECURITY] Fedora 43 Update: nodejs22-22.22.2-2.fc43

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

RHSA-2026:9874 Red Hat Security Advisory: nodejs:20 security update

Bulletin has no description...

RHSA-2026:9711 Red Hat Security Advisory: nodejs:20 security update

Bulletin has no description...

RHSA-2026:7675 Red Hat Security Advisory: nodejs24 security update

Bulletin has no description...

RHSA-2026:7350 Red Hat Security Advisory: nodejs:24 security update

Bulletin has no description...

SUSE-SU-2026:20436-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to 22.22.0: - CVE-2025-55130: file system permissions bypass via crafted symlinks bsc1256569. - CVE-2025-55131: timeout-based race conditions allow for allocations that contain leftover data from previous operations and lead to exposure ...

Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1404)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1404 advisory. Bypass File System Permissions using crafted symlinks CVE-2025-55130 A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using th...

[SECURITY] Fedora 42 Update: nodejs20-20.20.0-2.fc42

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

TencentOS Server 3: nodejs:20 (TSSA-2025:0462)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0462 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Important: nodejs20

Issue Overview: Corrupted pointer in node::fs::ReadFileUtf8const FunctionCallbackInfo& args when args0 is a string, resulting in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Info:...

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3 only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16 v18 and v20

...

SUSE CVE-2023-30584

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an...