ROOT-OS-DEBIAN-12-CVE-2024-22019 CVE-2024-22019 in rootio-nodejs - Patched by Root
Root has patched CVE-2024-22019 in the rootio-nodejs package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2024-27982 CVE-2024-27982 in rootio-nodejs - Patched by Root
Root has patched CVE-2024-27982 in the rootio-nodejs package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-23166 CVE-2025-23166 in rootio-nodejs - Patched by Root
Root has patched CVE-2025-23166 in the rootio-nodejs package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-23165 CVE-2025-23165 in rootio-nodejs - Patched by Root
Root has patched CVE-2025-23165 in the rootio-nodejs package for Root:Debian:12. Multiple fixed versions available...
PT-2025-32688 · Unknown +1 · Content-Security-Policy-Parser +1
Name of the Vulnerable Software and Affected Versions: content-security-policy-parser versions 0.5.0 and earlier.
Description: The content-security-policy-parser software parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, where...
MAL-2025-6805 Malicious code in nodejs-with-singlestore-demo (npm)
Source: ossf-package-analysis (2dfae81e2129cf717fbae5a22ecd1938d1ea741de0968e42d5363363d6ea2dfe). The OpenSSF Package Analysis project identified 'nodejs-with-singlestore-demo' @ 1002.0.1 npm as malicious. It is considered malicious because: ...
Medium: nodejs
Issue Overview: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be...
[R1] Tenable Identity Exposure Versions 3.93.2 and 3.77.13 Fix One Vulnerability
Arnie Cabral, Wed, 08/06/2025 - 10:48. Tenable Identity Exposure leverages third-party software to help provide underlying functionality. One of the third-party components (nodeJS) was found to contain vulnerabilities, and...
Tenable Identity Exposure < 3.77.13(LTS) / 3.93.2 Vulnerable Nodejs (TNS-2025-16)
The version of Tenable Identity Exposure (formerly Tenable.ad) installed on the remote host is prior to 3.77.13 (LTS) or 3.93.2. It therefore contains a version of Nodejs that could be vulnerable. Tenable has upgraded these components to address the potential impact of the issues. Note that Nessus has...
Security Bulletin: IBM Maximo Application Suite uses multiple nodejs and go packages which is vulnerable to "CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871"
Summary: IBM Maximo Application Suite uses "axios, http-proxy-middleware and net/http package" which is vulnerable to "CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871". This bulletin contains information regarding the vulnerability and how to address it. Vulnerability Details...
RockyLinux 8 : nodejs:20 (RLSA-2025:4461)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:4461 advisory. c-ares: c-ares has a use-after-free in readanswers (CVE-2025-31498). Tenable has extracted the preceding description block directly from the RockyLinux security...
RockyLinux 9 : nodejs:20 (RLSA-2025:7426)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7426 advisory. c-ares: c-ares has a use-after-free in readanswers (CVE-2025-31498). Tenable has extracted the preceding description block directly from the RockyLinux security...
RockyLinux 9 : nodejs:22 (RLSA-2025:8467)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8467 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js (CVE-2025-23166). Tenable has extracted the preceding description block directly from the...
RockyLinux 8 : nodejs:22 (RLSA-2025:4459)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:4459 advisory. c-ares: c-ares has a use-after-free in readanswers (CVE-2025-31498). SQLite: integer overflow in SQLite (CVE-2025-3277). Tenable has extracted the preceding...
RockyLinux 8 : nodejs:22 (RLSA-2025:8506)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8506 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js (CVE-2025-23166). Tenable has extracted the preceding description block directly from the...
RockyLinux 8 : nodejs:20 (RLSA-2025:8514)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8514 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js (CVE-2025-23166). Tenable has extracted the preceding description block directly from the...
RockyLinux 9 : nodejs:20 (RLSA-2025:8468)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8468 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js (CVE-2025-23166). Tenable has extracted the preceding description block directly from the...
Oracle Linux 9 : nodejs:22 (ELSA-2025-11802)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-11802 advisory. nodejs 1:22.16.0-2 - Patch fix for CVE-2025-6965. Resolves: RHEL-103851. nodejs-nodemon, nodejs-packaging. Tenable has extracted the preceding description block...
RockyLinux 9 : nodejs:22 (RLSA-2025:11802)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:11802 advisory. sqlite: Integer Truncation in SQLite (CVE-2025-6965). Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note tha...