4411 matches found
Malicious code in javascript-heap (npm)
Source: ghsa-malware 83e06344668ac9569d6453b98d15e492e35ad313b880f085c08f7600b977a837 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Important: nodejs22
Issue Overview: Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string, resulting in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Info:...
@haxtheweb/create (>=0.1.3 <=25.0.0), @haxtheweb/open-apis (>=11.0.2 <=11.0.3) potentially affected by CVE-2025-49141 via @haxtheweb/haxcms-nodejs (>=0.0.13 <=11.0.15)
@haxtheweb/haxcms-nodejs NPM version =0.0.13, =0.1.3, =11.0.2, =11.0.3 Source cves: CVE-2025-49141 Source advisory: OSV:GHSA-G4CF-PP4X-HQGW...
AZL-63881 CVE-2025-5889 affecting package nodejs18 for versions less than 18.20.3-9
A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...
AZL-63707 CVE-2025-5889 affecting package nodejs-nodemon 2.0.3-4
A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...
@haxtheweb/create (>=0.1.3 <=11.0.2), @haxtheweb/open-apis (=11.0.2) potentially affected by CVE-2025-49139 via @haxtheweb/haxcms-nodejs (>=0.0.13 <=10.0.6)
@haxtheweb/haxcms-nodejs NPM version =0.0.13, =0.1.3, =11.0.2 - @haxtheweb/open-apis =11.0.2 Source cves: CVE-2025-49139 Source advisory: OSV:GHSA-V3PH-2Q5Q-CG88...
RHSA-2025:8514 Red Hat Security Advisory: nodejs:20 security update
Bulletin has no description...
AlmaLinux 8 : nodejs:20 (ALSA-2025:8514)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8514 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the AlmaLinux securit...
AlmaLinux 8 : nodejs:22 (ALSA-2025:8506)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8506 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the AlmaLinux securit...
AlmaLinux 9 : nodejs:22 (ALSA-2025:8467)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8467 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the AlmaLinux securit...
AlmaLinux 9 : nodejs:20 (ALSA-2025:8468)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8468 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the AlmaLinux securit...
RHSA-2025:8467 Red Hat Security Advisory: nodejs:22 security update
Bulletin has no description...
nodejs: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS
A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding...
Oracle Linux 9 : nodejs:20 (ELSA-2025-8468)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8468 advisory. nodejs 1:20.19.2-1 - Update to version 20.19.2 Resolves: RHEL-92865 RHEL-88876 RHEL-91597 nodejs-nodemon nodejs-packaging Tenable has extracted the preceding...
RHEL 8 : nodejs:20 (RHSA-2025:8514)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8514 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
nodejs:22 security update
nodejs 1:22.15-1-1 - Update to 22.16.0 Fixes: CVE-2025-23166 - Resolves: RHEL-91596 RHEL-92859 1:22.15.0-1 - Update to 22.15.0 - Drop upstream patches 1:22.13.1-4 - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87300 1:22.13.1-3 - Update c-ares to newest version with fix for CVE-2025-31498...
RHEL 8 : nodejs:22 (RHSA-2025:8506)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8506 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
ALSA-2025:8506 Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 For more details about the security issues, including the impact, a CVSS...
Oracle Linux 9 : nodejs:22 (ELSA-2025-8467)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8467 advisory. nodejs 1:22.16.0-1 - Update to 22.16.0 Resolves: RHEL-89600 RHEL-92872 RHEL-92420 Tenable has extracted the preceding description block directly from the Oracle...