CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4389 matches found

RedHat Linux•added 2026/04/13 2:27 a.m.•2 views

Important: Red Hat Security Advisory: nodejs24 security update

An update for nodejs24 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6.7AI score0.13066EPSS

Exploits1References19

Tenable Nessus•added 2026/04/13 12:0 a.m.•5 views

RockyLinux 9 : nodejs:20 (RLSA-2026:7896)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7896 advisory. minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophic...

8.7CVSS7AI score0.13066EPSS

Exploits2References9

Tenable Nessus•added 2026/04/13 12:0 a.m.•5 views

RHEL 8 : nodejs:24 (RHSA-2026:7670)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7670 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

9.8CVSS5.9AI score0.13066EPSS

Exploits1References37

Tenable Nessus•added 2026/04/13 12:0 a.m.•3 views

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1576)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1576 advisory. A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs,...

7.5CVSS6.8AI score0.13066EPSS

Exploits0References14

Amazon•added 2026/04/13 12:0 a.m.•5 views

Important: nodejs20

Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...

7.5CVSS7.1AI score0.13066EPSS

Exploits0

Tenable Nessus•added 2026/04/13 12:0 a.m.•4 views

RHEL 10 : nodejs24 (RHSA-2026:7675)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7675 advisory. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an...

9.8CVSS6.7AI score0.13066EPSS

Exploits1References38

Oracle linux•added 2026/04/13 12:0 a.m.•7 views

nodejs:24 security update

nodejs 1:24.14.1-2 - Update bundled nghttp2 to 1.68.1 Related: RHEL-151374 1:24.14.1-1 - Update to 24.14.0 Resolves: RHEL-151374 nodejs-nodemon 3.0.3-1 - Initial import into nodejs:24 module nodejs-packaging 2021.06-6 - Properly handle @group/package deps in nodejs-symlink-deps Resolves:...

9.8CVSS5.8AI score0.13066EPSS

Exploits1

Amazon•added 2026/04/13 12:0 a.m.•5 views

Important: nodejs24

7.5CVSS7.2AI score0.13066EPSS

Exploits1

OSV•added 2026/04/11 2:3 p.m.•2 views

OESA-2026-1835 nodejs-brace-expansion security update

Brace expansion as known from sh/bash Security Fixes: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run...

7.5CVSS5.9AI score0.0043EPSS

Exploits0References2