4389 matches found
RockyLinux 9 : nodejs:18 (RLSA-2023:5849)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5849 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: integrity checks according to...
RockyLinux 9 : nodejs:18 (RLSA-2023:2654)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2654 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-49...
RLSA-2023:2654 Moderate: nodejs:18 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.14.2. Security Fixes: glob-parent: Regular Expression Denial of Service...
nodejs:18 security, bug fix, and enhancement update
An update is available for nodejs-packaging, module.nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform...
Node.js React Server Components Unauthenticated Remote Code Execution (CVE-2025-55182)
Multiple Node.js React Server Components packages are affected by an unauthenticated remote code execution vulnerability. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0, 19.1.0, 19.1.1, 19.2.0 - react-server-dom-parcel 19.0, 19.1.0, 19.1.1, 19.2.0 -...
Malicious code in lbank-connector-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 269534d355daa221c39b34954aedea297175091aaf5ae63fec123b9bea17fa16 The package lbank-connector-nodejs was found to contain malicious code...
MAL-2025-191579 Malicious code in lbank-connector-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 269534d355daa221c39b34954aedea297175091aaf5ae63fec123b9bea17fa16 The package lbank-connector-nodejs was found to contain malicious code...
Malicious code in aps-simple-viewer-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a3d18d7c64f1636f4922e13d1cc9768c1516be07e755001ed729faff0a63c29 The package aps-simple-viewer-nodejs was found to contain malicious code...
MAL-2025-191564 Malicious code in aps-simple-viewer-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a3d18d7c64f1636f4922e13d1cc9768c1516be07e755001ed729faff0a63c29 The package aps-simple-viewer-nodejs was found to contain malicious code...
Malicious Package
Overview bcryptjs-nodejs is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package...
CVE-2025-5222 affecting package nodejs for versions less than 20.14.0-10
CVE-2025-5222 affecting package nodejs for versions less than 20.14.0-10. A patched version of the package is available...
@nmime/nestjs-asyncapi (>=2.0.0 <=2.0.7) potentially affected by unknown CVE via @asyncapi/nodejs-ws-template (=0.10.0)
@asyncapi/nodejs-ws-template NPM version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/nodejs-ws-template and may be impacted: - @nmime/nestjs-asyncapi =2.0.0, =2.0.7 Source cves: unknown CVE Source advisory:...
@nmime/nestjs-asyncapi (>=2.0.0 <=2.0.7) potentially affected by unknown CVE via @asyncapi/nodejs-template (=3.0.4)
@asyncapi/nodejs-template NPM version =3.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/nodejs-template and may be impacted: - @nmime/nestjs-asyncapi =2.0.0, =2.0.7 Source cves: unknown CVE Source advisory:...
Malicious code in @asyncapi/nodejs-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 882d41f9612d27876945ecf55500df19a306cfac18cf244eb72f05288a51222a The package @asyncapi/nodejs-template was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190718 Malicious code in @asyncapi/nodejs-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 882d41f9612d27876945ecf55500df19a306cfac18cf244eb72f05288a51222a The package @asyncapi/nodejs-template was found to contain malicious code. Source: ghsa-malware...
Malicious code in @asyncapi/nodejs-ws-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06529fc17471f54f2c0fc317bca64f4b01fa049862dd2ce5863b33db8445b7ed The package @asyncapi/nodejs-ws-template was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198755
Malicious code in @asyncapi/nodejs-ws-template npm...
MAL-2025-190719 Malicious code in @asyncapi/nodejs-ws-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06529fc17471f54f2c0fc317bca64f4b01fa049862dd2ce5863b33db8445b7ed The package @asyncapi/nodejs-ws-template was found to contain malicious code. Source: ghsa-malware...
body-parser 安全漏洞
body-parser is a Node.js parsing middleware open-sourced by expressjs. A security vulnerability exists in body-parser version 2.2.0, which stems from inefficient handling of URL-encoded bodies and could lead to a denial-of-service attack...
TencentOS Server 4: nodejs20 (TSSA-2025:0415)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0415 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...