CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2025-22150)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22150 advisory. - Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and...

Oracle Linux 9 : nodejs:18 (ELSA-2025-1446)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-1446 advisory. - Update to version 18.20.6 Resolves: RHEL-76801 Fixes: CVE-2025-23085 Tenable has extracted the preceding description block directly from the Oracle...

CVE-2024-22195 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-22195 affecting package nodejs for versions less than 20.14.0-1. A patched version of the package is available...

nodejs: Node.js Worker Thread Exposure via Diagnostics Channel

A flaw was found in the Node.js diagnosticschannel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created...

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...

Regular Expression Denial of Service (ReDoS)

Overview parse-duration is a package that converts a human readable duration to ms. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. An attacker could cause an event loop delay or trigger an out of memory error that would crash a running Node.js...

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2023-32002)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-32002 advisory. - The use of Module.load can bypass the policy mechanism and require modules outside of the...

Azure Linux 3.0 Security Update: nodejs / pytorch (CVE-2021-22918)

The version of nodejs / pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-22918 advisory. - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii ...

Azure Linux 3.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-32067)

The version of c-ares / fluent-bit / grpc / nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-32067 advisory. - c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of...

Azure Linux 3.0 Security Update: nodejs / nodejs18 / python-jinja2 (CVE-2024-34064)

The version of nodejs / nodejs18 / python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-34064 advisory. - Jinja is an extensible templating engine. The xmlattr filter in affected versions...

Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs / nodejs18 / openssl (CVE-2023-6237)

The version of cloud-hypervisor-cvm / hvloader / nodejs / nodejs18 / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6237 advisory. - Issue summary: Checking excessively long invalid RSA...

Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs18 (CVE-2023-5363)

The version of cloud-hypervisor-cvm / hvloader / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5363 advisory. - Issue summary: A bug has been identified in the processing of key and...

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-30261)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30261 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integri...

Azure Linux 3.0 Security Update: c-ares / fluent-bit / grpc / nodejs / nodejs18 / python-gevent (CVE-2024-25629)

The version of c-ares / fluent-bit / grpc / nodejs / nodejs18 / python-gevent installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25629 advisory. - c-ares is a C library for asynchronous DNS requests...

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-30260)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30260 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and...

Azure Linux 3.0 Security Update: cmake / libuv / nodejs / nodejs18 / python-gevent (CVE-2024-24806)

The version of cmake / libuv / nodejs / nodejs18 / python-gevent installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24806 advisory. - libuv is a multi-platform support library with a focus on...

Azure Linux 3.0 Security Update: fluent-bit / nghttp2 / nodejs / nodejs18 (CVE-2024-28182)

The version of fluent-bit / nghttp2 / nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28182 advisory. - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 ...

Azure Linux 3.0 Security Update: python-jinja2 (CVE-2024-22195)

The version of python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22195 advisory. - Jinja is an extensible templating engine. Special placeholders in the template allow writing code...

Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-21538)

The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21538 advisory. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...

Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2023-42282)

The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-42282 advisory. - The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such ...