CLSA-2026-1770717358 nodejs: Fix of CVE-2024-28863

CVE-2024-28863: prevent extraction in excessively deep sub-folders to fix potential memory consumption and crashing issues...

SUSE CVE-2026-1615

Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can...

📄 jsonpath 1.1.1 Prototype Pollution

Proof of concept exploit for a prototype pollution vulnerability in jsonpath version 1.1.1, where unsafe writes to $.constructor.prototype allows attackers to inject arbitrary properties and functions into Object.prototype. By abusing jsonpath.value, an attacker can globally modify object...

EverShop SQL注入漏洞

EverShop is an open-source NodeJS e-commerce platform developed by EverShop. Versions of EverShop prior to 2.1.1 contained a SQL injection vulnerability. This vulnerability occurred when processing category updates and deletions, where the urlkey value was embedded into SQL statements through...

RHEL 8 : nodejs:22 (RHSA-2026:2421)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2421 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 8 : nodejs:20 (RHSA-2026:2422)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2422 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

ALSA-2026:2420 Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

nodejs:24 security update

nodejs 1:24.13.0-1 - Update to 24.13.0 Resolves: RHEL-135257 1:24.4.1-1 - Initial import of nodejs:24 nodejs-nodemon 3.0.3-1 - Initial import into nodejs:24 module nodejs-packaging 2021.06-6 - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-121576 2021.06-5 - nodejs.req ...

ALSA-2026:2422 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

AlmaLinux 10 : nodejs22 (ALSA-2026:1843)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1843 advisory. nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service CVE-2025-594...

RHEL 8 : nodejs:24 (RHSA-2026:2420)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2420 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

CVE-2020-28493 affecting package nodejs24 for versions less than 24.13.0-1

CVE-2020-28493 affecting package nodejs24 for versions less than 24.13.0-1. A patched version of the package is available...

CVE-2025-55130 affecting package nodejs for versions less than 20.14.0-12

CVE-2025-55130 affecting package nodejs for versions less than 20.14.0-12. A patched version of the package is available...

Photon OS 5.0: Nodejs PHSA-2026-5.0-0755

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0755. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2026-25651

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...

CVE-2026-25651

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...

CVE-2026-25651

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...

CVE-2026-25651

CVE-2026-25651 affects the Node.js middleware client-certificate-auth. Versions 0.2.1 and 0.3.0 contain an open redirect vulnerability caused by unvalidated Host header handling in the HTTP-to-HTTPS redirect (redirecting to https://), enabling attackers to redirect users to arbitrary domains. Pub...

CVE-2026-25651 client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...