CVE-2026-44289 vulnerabilities

Vulnerabilities for packages: cadence-web, renovate, homepage, opentelemetry-auto-instrumentations-node, gemini-cli, kibana, pulumi, vitess, librechat, kubeflow-centraldashboard...

Prometheus exporter process crash via malformed HTTP request

Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...