58 matches found
Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1648)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1648 advisory. @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service DoS issue caused by unbound...
Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1647)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1647 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API...
10minions-engine (>=0.0.1 <=0.0.4), @0xr404/lol404 (>=1.1.0 <=1.1.6) +3464 more potentially affected by CVE-2026-44295 via protobufjs (>=7.0.0 <=7.5.5)
protobufjs NPM version =7.0.0, =0.0.1, =1.1.0, =1.0.1-beta.0, =1.0.0, =1.5.10, =0.10.1, =1.1.0, =0.3.790, =6.0.0, =0.0.6, =0.0.7 and more Source cves: CVE-2026-44295 Source advisory: SNYK:JS-PROTOBUFJS-16643442...
Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1616)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1616 advisory. A flaw was found in zlib. An attacker providing specially crafted input to the crc32_combine64 or crc32_combine_gen64 functions could trigger an infinite loop within the x2nmodp function. This leads to...
Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1609)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1609 advisory. @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service DoS issue caused by unbound...
Taint-Style Vulnerability Detection and Confirmation for Node.js Packages Using LLM Agent Reasoning
The rapidly evolving Node.js ecosystem currently includes millions of packages and is a critical part of modern software supply chains, making vulnerability detection of Node.js packages increasingly important. However, traditional program analysis struggles in this setting because of dynamic...
Oracle Linux 9 : nodejs:22 (ELSA-2026-7302)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7302 advisory. - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - patch for npm/braces CVE-2026-25547 Resolves: RHEL-163369 Fixes: CVE-2026-152...
CVE-2026-21713 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-CFR8-F5Q7-84WQ vulnerabilities
Vulnerabilities for packages: nodejs...
Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1483)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1483 advisory. node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that...
@1auth/authn-webauthn (>=0.0.0-alpha.0 <=0.0.0-alpha.3), @agentic/stdlib (>=7.4.0 <=7.6.9) +786 more potentially affected by CVE-2026-4598 via jsrsasign (>=0.0.3 <=11.1.0)
jsrsasign NPM version =0.0.3, =0.0.0-alpha.0, =7.4.0, =7.4.0, =6.0.0, =1.0.0-1.0.1.0, =1.0.0-1.0.1.0, =0.0.3-alpha.0, =2.0.0, =2.7.1, =6.0.0, =6.0.0, =0.1.0, =1.0.0, =5.0.0-3998.0 and more Source cves: CVE-2026-4598 Source advisory: OSV:GHSA-8G7P-JF3G-GXCP...
Critical Photon OS Security Update - PHSA-2026-5.0-0755
Updates of 'nodejs', 'alsa-lib' packages of Photon OS have been released...
Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1403)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1403 advisory. Bypass File System Permissions using crafted symlinks CVE-2025-55130 A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using th...
@haxtheweb/create (>=0.1.3 <=25.0.2), @haxtheweb/haxcms-nodejs (>=0.0.2 <=25.0.0) +4 more potentially affected by CVE-2026-25521 via locutus (>=2.0.14 <=2.0.32)
locutus NPM version =2.0.14, =0.1.3, =0.0.2, =11.0.2, =2.1.1, =1.0.0, =1.0.66, =1.0.72 Source cves: CVE-2026-25521 Source advisory: SNYK:JS-LOCUTUS-15182766...
CVE-2025-55130 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-52XJ-VX8W-46QJ vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2024-27982 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2024-22019 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2026-21637 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-37V4-CWGP-X353 vulnerabilities
Vulnerabilities for packages: nodejs...