4412 matches found
GHSA-M7GM-V253-56HH @lumieducation/h5p-server Fails to Sanitize Plain Text Strings
Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings...
CVE-2025-47828
Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings...
H5P-Nodejs-library Security Vulnerability
H5P-Nodejs-library is a collection of server-side and client-side packages, open-sourced by Lumi, for running H5P in Node.js backends. A security vulnerability exists in H5P-Nodejs-library versions prior to 9.3.3, which stems from not calling sanitizeHtml on a plain text string...
PT-2025-20649 · Unknown · Lumi H5P-Nodejs-Library
Name of the Vulnerable Software and Affected Versions: Lumi H5P-Nodejs-library versions prior to 9.3.3 Description: The issue is related to the omission of a sanitizeHtml call for plain text strings. This could potentially lead to security issues, although specific details about the estimated...
CVE-2025-47828
CVE-2025-47828 affects Lumi H5P-Nodejs-library before 9.3.3. The root cause is omission of sanitizeHtml for plain text strings, enabling potential Cross-Site Scripting (XSS) risks. Impact is limited to confidentiality and integrity with no reported availability impact; attack vector is network, w...
Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
Implement and monitor Appsec control at scale. Requirements NodeJS 20.13 Tested on Mac Ubuntu How to install $ git clone [email protected]:mf-labs/witcher.git $ cd witcher $ npm i Build a Docker image $ git clone [email protected]:mf-labs/witcher.git $ cd witcher $ docker build -t witch...
SUSE CVE-2025-47153
Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the...
AlmaLinux 8 : nodejs:20 (ALSA-2025:4461)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:4461 advisory. c-ares: c-ares has a use-after-free in read_answers() (CVE-2025-31498) Tenable has extracted the preceding description block directly from the AlmaLinux security...
AlmaLinux 8 : nodejs:22 (ALSA-2025:4459)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:4459 advisory. c-ares: c-ares has a use-after-free in read_answers() (CVE-2025-31498) SQLite: integer overflow in SQLite (CVE-2025-3277) Tenable has extracted the preceding...
20 bug fix and enhancement update
An update is available for nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...
RHSA-2025:4461 Red Hat Security Advisory: nodejs:20 security update
Bulletin has no description...
Oracle Linux 8 : nodejs:20 (ELSA-2025-4461)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-4461 advisory. nodejs 1:20.19.1-1 - Update to version 20.19.1 Resolves: RHEL-78763 1:20.18.2-4 - Update c-ares to 1.34.5 to address CVE-2025-31498 Tenable has extracted the...
Oracle Linux 8 : nodejs:22 (ELSA-2025-4459)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-4459 advisory. - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87300 Tenable has extracted the preceding description block directly from the Oracle Linux securit...
[SECURITY] Fedora 42 Update: nodejs-pnpm-10.9.0-1.fc42
A fast, disk space efficient package manager for NodeJS...
[SECURITY] Fedora 41 Update: nodejs-pnpm-10.9.0-1.fc41
A fast, disk space efficient package manager for NodeJS...
[SECURITY] Fedora 40 Update: nodejs-pnpm-10.9.0-1.fc40
A fast, disk space efficient package manager for NodeJS...
Fedora 41 : nodejs-bash-language-server / nodejs-pnpm (2025-d4cc30bdfb)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-d4cc30bdfb advisory. Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0 Tenable has extracted the preceding description block...