4389 matches found
MGASA-2026-0009 Updated nodejs packages fix security vulnerabilities
Node.js HTTP/2 server crashes with unhandled error when receiving malformed HEADERS frame (CVE-2025-59465). Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers (CVE-2025-59466). Bypass File System Permissions using crafted...
SUSE CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands of compression steps, leading to high CPU usage and excessive memory allocation. This...
@blockchain-lab-um/ssi-snap (>=1.0.3 <=1.0.7), @i3m/base-wallet (>=1.1.0 <=2.6.1) +50 more potentially affected by unknown CVE via @veramo/data-store (>=0.0.42 <=5.6.0)
@veramo/data-store NPM version =0.0.42, =1.0.3, =1.1.0, =1.1.0, =1.2.0, =1.1.0, =0.2.0, =1.0.0, =1.5.0, =1.5.1, =0.0.1, =0.11.1-next.4, =0.2.1-next.13, =0.8.1-next.272, =0.11.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-38CW-85XC-XR9X...
MiracleLinux 7 : rh-nodejs8-nodejs-8.11.4-1.el7 (AXSA:2019-3540:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3540:01 advisory. nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115). Tenable has extracted the preceding description block directly from the MiracleLin...
MiracleLinux 7 : http-parser-2.7.1-8.el7 (AXSA:2019-4071:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4071:01 advisory. nodejs: Denial of Service with large HTTP headers (CVE-2018-12121). nodejs: HTTP parser allowed for spaces inside Content-Length header values...
GHSA-P2WW-P57H-W5M7 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-37V4-CWGP-X353 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2025-23084 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2024-36138 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2026-22036
Undici (HTTP/1.1 client for Node.js) contains a vulnerability in its decompression chain handling. Before versions 7.18.0 and 6.23.0, the chain can have an unbounded number of links, and the default maxHeaderSize allows a malicious server to insert thousands of compression steps, causing high CPU...
CVE-2026-22036 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands of compression steps, leading to high CPU usage and excessive memory allocation. This...
GHSA-F27J-4F6G-JP27 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2024-21892 vulnerabilities
Vulnerabilities for packages: nodejs...
Enclave security vulnerability
Enclave is an open source sandboxing software from AgentFront. A security vulnerability exists in versions prior to Enclave 2.7.0 that stems from a sandbox escape that could lead to the execution of arbitrary code in the host Node.js runtime...
n8n Workflow Expression Remote Code Execution
This Metasploit module exploits a critical remote code execution vulnerability (CVE-2025-68613) in the n8n workflow automation platform. The vulnerability exists in the workflow expression evaluation system where user-supplied expressions enclosed in are evaluated in an execution context that is no...