Lucene search

153 matches found

CBLMariner
added 2026/02/02 3:31 p.m. | 9 views

CVE-2025-55131 affecting package nodejs for versions less than 20.14.0-11

CVE-2025-55131 affecting package nodejs for versions less than 20.14.0-11. A patched version of the package is available...

CVSS 7.1 | AI score 5.3 | EPSS 0.03493
Exploits: 0

Tenable Nessus
added 2026/01/28 12:0 a.m. | 6 views

NewStart CGSL MAIN 6.06 : nodejs Multiple Vulnerabilities (NS-SA-2025-0241)

The remote NewStart CGSL host, running version MAIN 6.06, has nodejs packages installed that are affected by multiple vulnerabilities: - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects...

CVSS 9.8 | AI score 7.2 | EPSS 0.87806
Exploits: 26 | References: 105

Cvelist
added 2026/01/26 9:32 p.m. | 18 views

CVE-2026-22709 vm2 has a Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of...

CVSS 9.8 | EPSS 0.01222
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/22 12:0 a.m. | 7 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-24758)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24758 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers...

CVSS 4.5 | AI score 7.8 | EPSS 0.00765
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m. | 5 views

Azure Linux 3.0 Security Update: nodejs (CVE-2025-23165)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23165 advisory. - In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a UTF-1...

CVSS 3.7 | AI score 5.8 | EPSS 0.0048
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m. | 2 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-21896)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21896 advisory. - The permission model protects itself against path traversal attacks by calling path.resolve on any paths giv...

CVSS 9.8 | AI score 5.5 | EPSS 0.01262
Exploits: 0 | References: 2

Github Security Blog
added 2026/01/20 9:31 p.m. | 9 views

binary-parser library has a code injection vulnerability

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

CVSS 6.5 | AI score 6.5 | EPSS 0.00505
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2026/01/20 9:16 p.m. | 7 views

AZL-75077 CVE-2025-59465 affecting package nodejs for versions less than 20.14.0-13

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

CVSS 7.5 | AI score 7.2 | EPSS 0.03782
Exploits: 0 | References: 1

CNNVD
added 2026/01/20 12:0 a.m. | 5 views

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There are security vulnerabilities in Node.js, where the error related to the maximum call stack size when enabling async_hooks.createHook makes it impossible to catch certain exceptions,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00624
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 8 : nodejs:16 (AXSA:2022-3844:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3844:01 advisory. nodejs-ansi-regex: Regular expression denial of service ReDoS matching ANSI escape codes CVE-2021-3807 nodejs: DNS rebinding in --inspect via invali...

CVSS 8.1 | AI score 8.3 | EPSS 0.77278
Exploits: 4 | References: 7

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 7 : rh-nodejs10-nodejs-10.24.0-1.el7 (AXSA:2021-1588:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1588:02 advisory. nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 nodejs: DNS rebinding in --inspect CVE-2021-22884 Tenable has...

CVSS 7.8 | AI score 7.7 | EPSS 0.77385
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 14 views

MiracleLinux 9 : nodejs-16.20.2-3.el9 (AXSA:2023-6507:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6507:05 advisory. nodejs: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A Cybertrust Japan Co., Ltd. Security...

CVSS 7.5 | AI score 7.5 | EPSS 0.99999
Exploits: 19 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 7 : rh-nodejs10-nodejs-10.21.0-3.el7 (AXSA:2020-228:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-228:02 advisory. ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 nodejs-minimist:...

CVSS 9.3 | AI score 7.6 | EPSS 0.07646
Exploits: 3 | References: 5

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : nodejs:18 (AXSA:2022-4480:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4480:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

CVSS 9.1 | AI score 8.5 | EPSS 0.02587
Exploits: 2 | References: 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 11 views

MiracleLinux 9 : nodejs-16.20.2-8.el9_4 (AXSA:2024-8149:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8149:02 advisory. nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...

CVSS 8.2 | AI score 7 | EPSS 0.87211
Exploits: 2 | References: 6

Tenable Nessus
added 2026/01/20 12:0 a.m. | 9 views

MiracleLinux 8 : nodejs:18 (AXSA:2023-6526:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6526:01 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A Asianux Security Bulletin which...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999
Exploits: 19 | References: 5

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 9 : nodejs-16.20.2-4.el9_3 (AXSA:2024-7625:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7625:01 advisory. nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 Tenable has extracted the preceding description blo...

CVSS 7.5 | AI score 7.9 | EPSS 0.03168
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 9 : nodejs:20 (AXSA:2024-7667:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7667:01 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP...

CVSS 9.8 | AI score 8.2 | EPSS 0.03168
Exploits: 0 | References: 8

CERT
added 2026/01/20 12:0 a.m. | 8 views

Code injection vulnerability in binary-parser library

Overview The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public...

CVSS 6.5 | AI score 7 | EPSS 0.00505
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/19 12:0 a.m. | 3 views

MiracleLinux 8 : nodejs:10 (AXSA:2021-1558:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1558:01 advisory. nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 nodejs: DNS rebinding in --inspect CVE-2021-22884 Tenable has...

CVSS 7.8 | AI score 7.7 | EPSS 0.77385
Exploits: 1 | References: 3