385 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-24660
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by...
Linux Distros Unpatched Vulnerability : CVE-2025-23165
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a UTF-16 path buffer is allocated but subsequently...
Linux Distros Unpatched Vulnerability : CVE-2021-22939
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If the Node.js https API was used incorrectly and undefined was passed in for the rejectUnauthorized parameter, no error was returned and connections to servers...
Linux Distros Unpatched Vulnerability : CVE-2018-21270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number...
Linux Distros Unpatched Vulnerability : CVE-2021-44532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against...
Linux Distros Unpatched Vulnerability : CVE-2018-7167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, t...
Linux Distros Unpatched Vulnerability : CVE-2024-21896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a...
MAL-2025-38466 Malicious code in vista-4gera-l3bm1-essence-project (npm)
The package vista-4gera-l3bm1-essence-project was found to contain malicious code...
MAL-2025-15661 Malicious code in biclique (npm)
The package biclique was found to contain malicious code...
MAL-2025-27679 Malicious code in nodejs-development-writable-celeste (npm)
The package nodejs-development-writable-celeste was found to contain malicious code...
MAL-2025-27668 Malicious code in node.js (npm)
The package node.js was found to contain malicious code...
MAL-2025-8565 Malicious code in @malware-test-coins-guess-felly-nerks/test-mlw3-coins-guess-felly-nerks (npm)
The package @malware-test-coins-guess-felly-nerks/test-mlw3-coins-guess-felly-nerks was found to contain malicious code...
MAL-2025-32926 Malicious code in selper (npm)
The package selper was found to contain malicious code...
SUSE CVE-2025-54798
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4...
tmp security vulnerability
tmp is a temporary file and directory creator for node.js by the individual developer KARASZI István. A security vulnerability exists in tmp 0.2.3 and earlier versions, which stems from a symbolic link parameter that could lead to arbitrary temporary file or directory writes...
Linux Distros Unpatched Vulnerability : CVE-2025-7339
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being...
HAXcms with nodejs backend security vulnerability
HAXcms with nodejs backend is an open source backend management system from HAX The Web. A security vulnerability exists in HAXcms with nodejs backend version 11.0.9 and earlier, which stems from hardcoding default credentials and JWT private keys, which could lead to unauthorized access...
SUSE CVE-2025-27210
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...
Node.js security vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A security vulnerability exists in Node.js version v24.x, which stems from an improper implementation of string hash computation and could lead to a hash collision attack...
DEBIAN-CVE-2025-50182
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...