CVE-2026-44289 vulnerabilities

Vulnerabilities for packages: gemini-cli, renovate, homepage, kibana, opentelemetry-auto-instrumentations-node, pulumi, kubeflow-centraldashboard, vitess, cadence-web, librechat...

Prometheus exporter process crash via malformed HTTP request

Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...