MAL-2025-5535 Malicious code in pyroscope-nodejs (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (0f63660c0844969995da8de5a83535772031d00f3247e8cbb5a40addbc21a234). Any computer that has this package installed or running should be considered...
AZL-76320 CVE-2025-6554 affecting package nodejs24 24.13.0-3
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
Malicious code in es6modules-nodejs (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (218c17a75c3af9325e1d26ff2b2feec20f788118052f29452038579a57a4bb40). Any computer that has this package installed or running should be considered...
MGASA-2025-0194 Updated yarnpkg packages fix security vulnerabilities
CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers. CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification. CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file. And other vulnerabilities in...
Photon OS 4.0: Nodejs PHSA-2025-4.0-0820
An update of the nodejs package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0820. The text itself is copyright (C) VMware, Inc...
The vulnerability of the pbkdf2 library in the Node.js software platform, which allows attackers to forge digital signatures
The vulnerability of the pbkdf2 library in the Node.js software platform is related to deficiencies in the mechanism for verifying input data. Exploiting this vulnerability allows a malicious actor to forge digital signatures by sending specially crafted packets...
Important Photon OS Security Update - PHSA-2025-4.0-0820
Updates of 'nodejs', 'rubygem-webrick' packages of Photon OS have been released...
GHSA-V62P-RQ8G-8H59 pbkdf2 silently disregards Uint8Array input, returning static keys
Summary: On historic but declared as supported Node.js versions 0.12-2.x, pbkdf2 silently disregards Uint8Array input. This only affects Node.js = 0.12 and there seems to be ongoing effort in this repo to maintain that Support Uint8Array input input is typechecked against Uint8Array, and the error...
SUSE-SU-2025:02045-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.19.2: - CVE-2025-23166: improper error handling in async cryptographic operations crashes process (bsc#1243218). - CVE-2025-23167: improper HTTP header block termination in llhttp (bsc#1243220). - CVE-2025-23165: add missing call to...
Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.19.2: CVE-2025-23166: improper error handling in async cryptographic operations crashes process (bsc#1243218). CVE-2025-23167: improper HTTP header block termination in llhttp (bsc#1243220). CVE-2025-23165: add missing call to...
SUSE-SU-2025:02039-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.19.2: - CVE-2025-23166: improper error handling in async cryptographic operations crashes process (bsc#1243218). - CVE-2025-23167: improper HTTP header block termination in llhttp (bsc#1243220). - CVE-2025-23165: add missing call to...
UBUNTU-CVE-2025-50182
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...
CVE-2025-50182
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...
TencentOS Server 3: nodejs (TSSA-2023:0002)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0002 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Oracle Linux 8 : nodejs:20 (ELSA-2025-8514)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8514 advisory. - Update to version 20.19.2 Fixes: CVE-2025-23166 Resolves: RHEL-91595 RHEL-89598 RHEL-92854 - Update c-ares to 1.34.5 to address CVE-2025-31498 - Update to...
openSUSE Security Advisory (SUSE-SU-2025:01878-1)
The remote host is missing an update for the...
MAL-2025-5028 Malicious code in console-color-nodejs (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in console-color-nodejs (npm)
The package communicates with a domain associated with malicious activity...
RHSA-2025:8902 Red Hat Security Advisory: nodejs:20 security update
Bulletin has no description...
Important: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...