157 matches found
MiracleLinux 9 : nodejs-16.20.2-8.el9_4 (AXSA:2024-8149:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8149:02 advisory. nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...
MiracleLinux 9 : nodejs:20 (AXSA:2024-7667:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7667:01 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP...
Node.js security vulnerabilities
Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There are security vulnerabilities in Node.js, where the error related to the maximum call stack size when enabling asynchooks.createHook makes it impossible to catch certain exceptions,...
MiracleLinux 8 : nodejs:10 (AXSA:2021-1558:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1558:01 advisory. nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 nodejs: DNS rebinding in --inspect CVE-2021-22884 Tenable has...
MiracleLinux 7 : http-parser-2.7.1-8.el7 (AXSA:2019-4071:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4071:01 advisory. nodejs: Denial of Service with large HTTP headers CVE-2018-12121 nodejs: HTTP parser allowed for spaces inside Content-Length header values...
Unity Linux 20.1070e Security Update: nodejs (UTSA-2025-680625)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680625 advisory. Accepting arbitrary Subject Alternative Name SAN types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained...
EUVD-2023-38212
Malicious code in bioql PyPI...
EUVD-2023-3146
Malicious code in bioql PyPI...
EUVD-2025-22261
Malicious code in bioql PyPI...
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check
Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...
Linux Distros Unpatched Vulnerability : CVE-2014-7192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other...
Security Bulletin: IBM Transformation Advisor is affected by vulnerability found in Node.js (CVE-2025-7338)
Summary There is a vulnerability in Node.js used by IBM Transformation Advisor, The issues have been addressed in an update. Vulnerability Details CVEID:CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version...
Linux Distros Unpatched Vulnerability : CVE-2016-2086
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks vi...
Linux Distros Unpatched Vulnerability : CVE-2017-11499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote D...
Linux Distros Unpatched Vulnerability : CVE-2021-33587
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
Linux Distros Unpatched Vulnerability : CVE-2021-44533
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects...
23march (=1.0.0), @castyiglitchxz/alert-box-package (>=1.0.0 <=1.2.5) +30 more potentially affected by unknown CVE via node.js (=0.0.1-security)
node.js NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on node.js and may be impacted: - 23march =1.0.0 - @castyiglitchxz/alert-box-package =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.1, =1.0.5, =1.0.0, =1.2.5, =1.2.1, =0.0.1, =2.2.0...
Tenable Identity Exposure < 3.77.13(LTS) / 3.93.2 Vulnerable Nodejs (TNS-2025-16)
The version of Tenable Identity Exposure formerly Tenable.ad installed on the remote host is prior to 3.77.13LTS or 3.93.2. It therefore contains a version of Nodejs that could be vulnerable. Tenable has upgrade these components to address the potential impact of the issues. Note that Nessus has...
RockyLinux 9 : nodejs:20 (RLSA-2025:7426)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7426 advisory. c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 Tenable has extracted the preceding description block directly from the RockyLinux security...
RockyLinux 9 : nodejs:22 (RLSA-2025:8467)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8467 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the...