OPENSUSE-SU-2025:14884-1 nodejs-electron-33.4.4-1.1 on GA media

These are all security issues fixed in the nodejs-electron-33.4.4-1.1 package on the GA media of openSUSE Tumbleweed...

MAL-2025-2257 Malicious code in example-nodejs-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb2351b3777bfaea370237b22b5155a53e293162cb01bca791717b05107a4b7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2254 Malicious code in ee-server-auth-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32fbc3ea50c42c26476bf7cb134539c929e31be4c5e816c994e529e00b5ebf47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AZL-58362 CVE-2025-2137 affecting package nodejs 20.14.0-13

Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

AZL-58377 CVE-2025-2135 affecting package nodejs18 18.20.3-11

Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AZL-58375 CVE-2025-2137 affecting package nodejs18 18.20.3-11

Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

AZL-58372 CVE-2025-1920 affecting package nodejs18 18.20.3-11

Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Linux Distros Unpatched Vulnerability : CVE-2023-43646

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regul...

Malicious code in organizer-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71911a8ea9e577cc58952aaad429e86a8c29e91145fc92156b41365c77f19012 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2120 Malicious code in organizer-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71911a8ea9e577cc58952aaad429e86a8c29e91145fc92156b41365c77f19012 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in api-nodejs-template (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1726 Malicious code in api-nodejs-template (npm)

--- -= Per source details. Do not edit below this line.=-...

nodejs-electron-33.4.2-1.1 on GA media (moderate)

nodejs-electron-33.4.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:14848-1 Rating: moderate Cross-References: CVE-2025-0611 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

OPENSUSE-SU-2025:14848-1 nodejs-electron-33.4.2-1.1 on GA media

These are all security issues fixed in the nodejs-electron-33.4.2-1.1 package on the GA media of openSUSE Tumbleweed...

Malicious code in auth0-nodejs-webapp-sample-new-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66ab3d3775ff156aa2978e726606e002c0b7d2673ea1667898733604c8521491 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1572 Malicious code in auth0-nodejs-webapp-sample-new-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66ab3d3775ff156aa2978e726606e002c0b7d2673ea1667898733604c8521491 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

RockyLinux 8 : nodejs:18 (RLSA-2025:1582)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1582 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable has...

RockyLinux 8 : nodejs:22 (RLSA-2025:1611)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1611 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083 nodejs:...

RockyLinux 9 : nodejs:22 (RLSA-2025:1613)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1613 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083 nodejs:...

CVE-2025-23090 affecting package nodejs for versions less than 20.14.0-4

CVE-2025-23090 affecting package nodejs for versions less than 20.14.0-4. A patched version of the package is available...