EUVD-2022-1369
Malicious code in bioql PyPI...
EUVD-2025-22414
Malicious code in bioql PyPI...
Denial Of Service (DoS)
Axios is vulnerable to Denial-of-Service. The vulnerability is due to improper handling of data: scheme URLs, where the Node.js HTTP adapter decodes the entire payload into memory and ignores size limits, allowing attackers to supply a very large data URI to cause unbounded memory allocation and...
CVE-2025-58047 Volto affected by possible DoS by invoking specific URL by anonymous user
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...
Linux Distros Unpatched Vulnerability : CVE-2019-5739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated...
MAL-2025-26385 Malicious code in mindspin (npm)
The package mindspin was found to contain malicious code...
Node.js security vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment open-sourced by Node.js. A security vulnerability exists in Node.js version v24.x, which stems from an improper implementation of string hash computation and could lead to a hash collision attack...
ALSA-2025:8493 Important: nodejs22 security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...
[SECURITY] Fedora 42 Update: nodejs20-20.19.2-1.fc42
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...
GHSA-2XV9-GHH9-XC69 radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Impact: This is a prototype pollution vulnerability. It impacts users of the set function within the Radashi library. If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpect...
ID withdrawn
Node.js is an open source, cross-platform JavaScript runtime environment open-sourced by Node.js. This CVE number has been withdrawn...
QuickJS security vulnerability
QuickJS is a small, embeddable JavaScript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS 0.8.0 and earlier versions, which stems from a stack buffer overflow in the JS_GetRuntime function...
[SECURITY] Fedora 40 Update: nodejs20-20.18.2-2.fc40
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...
[SECURITY] Fedora 40 Update: nodejs18-18.20.6-1.fc40
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...
ID withdrawn
Node.js is an open source, cross-platform JavaScript runtime environment open-sourced by Node.js. This CVE number has been withdrawn...
op_panic in the base runtime can force a panic in the runtime's containing thread
Affected versions use deno_core releases that expose Deno.core.ops.op_panic to the JS runtime in the base core. This function, when called, triggers a manual panic in the thread containing the runtime. It can be fixed by stubbing out the exposed op (JavaScript): Deno.core.ops.op_panic = msg = throw new...
PT-2024-40950 · Deno · Deno
Name of the Vulnerable Software and Affected Versions: Deno (affected versions not specified). Description: The issue arises from the exposure of Deno.core.ops.op_panic to the JS runtime in the base core, which can trigger a manual panic in the thread containing the runtime when called...
nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service
A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fetch function in Node.js that always decodes Brotli, making it possible for an attacker to caus...
USN-6822-1: Node.js vulnerabilities
It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. CVE-2023-32002,...
PT-2024-25176 · Quickjs +2 · Quickjs +2
Name of the Vulnerable Software and Affected Versions: QuickJS version 3b45d15. Description: The issue is related to an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c. Recommendations: For QuickJS version 3b45d15, consider avoiding the use of JS_FreeRuntime(JSRuntime *) until a patch is...