384 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in nodejs

Due to the formatting logic of the "console.table" function, it is not safe to allow user-controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". This approach causes prototy...

CVSS: 8.2 | AI score: 6.8 | EPSS: 0.0034
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in nodejs

If the Node.js HTTPS API was used incorrectly, and “undefined” was passed as the “rejectUnauthorized” parameter, no error would be returned, and connections to servers with expired certificates would be accepted...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00124
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in nodejs

Node.js versions prior to 16.6.1, 14.17.5, and 12.22.5 are vulnerable to a “use after free” attack, where an attacker could exploit memory corruption to alter the behavior of the process...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00386
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in nodejs

Node.js versions before 16.6.0, 14.17.4, and 12.22.4 are vulnerable to a “use after free” attack, where an attacker could exploit memory corruption to alter the behavior of the process...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00323
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/22 12:00 a.m. | 2 views

RHEL 9 : nodejs:20 (RHSA-2026:9874)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9874 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS: 8.7 | AI score: 7.4 | EPSS: 0.00036
Exploits: 2 | References: 10

RedHat Linux
added 2026/04/13 3:00 a.m. | 5 views

nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions

A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.00033
Exploits: 0 | References: 5

Redos
added 2026/04/10 12:00 a.m. | 3 views

ROS-20260410-73-0004

A vulnerability in the Node.js software platform involves an incorrect restriction of the path name of a restricted directory. Exploitation of the vulnerability could allow an attacker to compromise the system...

CVSS: 9.1 | AI score: 7.3 | EPSS: 0.00016
Exploits: 2

Redos
added 2026/04/10 12:00 a.m. | 5 views

ROS-20260410-73-0002

A vulnerability in the Node.js software platform involves cross-boundary critical data deletion errors. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality and integrity of protected information...

CVSS: 7.1 | AI score: 7.3 | EPSS: 0.00039
Exploits: 0

Redos
added 2026/04/10 12:00 a.m. | 3 views

ROS-20260410-73-0003

A vulnerability in the Node.js software platform involves cross-boundary critical data deletion errors. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality and integrity of protected information...

CVSS: 7.1 | AI score: 7.3 | EPSS: 0.00039
Exploits: 0

RedHat Linux
added 2026/04/09 8:27 p.m. | 2 views

nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

CVSS: 3.3 | AI score: 6.3 | EPSS: 0.00005
Exploits: 0 | References: 5

GithubExploit
added 2026/04/07 7:10 a.m. | 91 views

Exploit for Improper Input Validation in Nodejs Node.Js

Node.js-specific security flaws Constant Hashtable Seeds...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00545
Exploits: 1

RedhatCVE
added 2026/03/31 10:11 p.m. | 1 view

CVE-2026-21716

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

CVSS: 3.8 | AI score: 6.2 | EPSS: 0.00005
Exploits: 0 | References: 4

RedhatCVE
added 2026/03/31 9:42 p.m. | 2 views

CVE-2026-21717

A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00033
Exploits: 0 | References: 4

RedhatCVE
added 2026/03/27 2:26 p.m. | 3 views

CVE-2021-27191

The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range such as 128.0.0.0/1 that causes resource exhaustion...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00563
Exploits: 1 | References: 1

Positive Technologies
added 2026/02/03 12:00 a.m. | 3 views

PT-2026-6388

Summary: @isaacs/brace-expansion is vulnerable to a Denial of Service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the...

CVSS: 9.2 | AI score: 5.4 | EPSS: 0.0002
Exploits: 0 | References: 4

OSV
added 2026/01/20 9:16 p.m. | 1 view

ALPINE-CVE-2025-55132

A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-only...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00012
Exploits: 0 | References: 1

OSV
added 2026/01/20 9:16 p.m. | 0 views

UBUNTU-CVE-2025-55132

A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-only...

CVSS: 5.3 | AI score: 7.1 | EPSS: 0.00012
Exploits: 0 | References: 3

CNNVD
added 2026/01/20 12:00 a.m. | 1 view

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There are security vulnerabilities in Node.js, which stem from unhandled TLSSocket errors when processing malformed HTTP/2 HEADERS frames. These vulnerabilities can lead to process crashes...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00109
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/14 12:00 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2025-55131

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option...

CVSS: 7.1 | AI score: 7.3 | EPSS: 0.00039
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 11:29 a.m. | 6 views

CVE-2021-27884

Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...

CVSS: 5.1 | AI score: 6.8 | EPSS: 0.00056
Exploits: 0 | References: 1