RLSA-2026:7675 Important: nodejs24 security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Tesseract security vulnerability
Tesseract is an OCR image text recognition library developed by Nazim Gafarov for the Node.js platform. Tesseract versions 2.2.1 and earlier contain a security vulnerability caused by unvalidated file path parameters, potentially leading to OS command injection attacks...
MAL-2025-158114 Malicious code in lina-poke31 (npm)
Source: amazon-inspector af3c2cfa15f3eec0d017b74b0ba31111eceef7f6f32da78b94956d0961f6f20d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
ROS-20251006-10
A vulnerability in the permissions model of the Node.js software platform is related to flaws in the processing of HTTP requests. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions and send unauthorized requests...
Linux Distros Unpatched Vulnerability : CVE-2024-36137
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission...
The vulnerability of the V8 component of the Node.js software platform, which allows a hacker to trigger a service failure
The vulnerability of the V8 component of the Node.js software platform is related to the lack of memory release after the effective lifespan of the component. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the pbkdf2 library in the Node.js software platform, which allows attackers to forge digital signatures
The vulnerability of the pbkdf2 library in the Node.js software platform is related to deficiencies in the mechanism for verifying input data. Exploiting this vulnerability allows a malicious actor to forge digital signatures by sending specially crafted packets...
SUSE CVE-2024-21534
All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...
UBUNTU-CVE-2023-39333
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...
The vulnerability of the HTTP/1.1 client and the Node.js software platform allows a perpetrator to execute arbitrary code.
The vulnerability of the HTTP/1.1 client and the Node.js software platform is related to lack of access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the npm-user-validate package on the Node.js software platform allows a perpetrator to trigger a service failure.
The vulnerability of the npm-user-validate package on the Node.js software platform is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
The vulnerability of the Node.js software platform, related to incorrect restrictions on path names for directories with restricted access, allows attackers to compromise the integrity of protected information.
The vulnerability of the Node.js software platform is related to incorrect restrictions on the path name of the restricted access directory. Exploiting this vulnerability allows a malicious actor to influence the integrity of the protected information from a remote location...
DEBIAN-CVE-2023-32559
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...
The vulnerability of the minimatch library on the Node.js software platform allows an attacker to perform a type of attack known as “denial-of-service attack”.
The vulnerability of the minimatch library on the Node.js software platform is related to an uncontrolled resource consumption. Exploiting this vulnerability allows a remote attacker to execute a “denial-of-service” attack using regular expressions...
The vulnerability of the Node.js software platform, related to data encryption errors, allows a hacker to trigger a service failure.
The vulnerability of the Node.js software platform is related to data encryption errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the npm systeminformation package on the Node.js software platform allows a hacker to execute arbitrary commands.
The vulnerability of the npm systeminformation package on Node.js platforms exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
SUSE CVE-2015-8855
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."...
Eta cross-site scripting vulnerability
Eta is an open source, lightweight, fast embedded JS template engine. It can run in Node, Deno and the browser. A cross-site scripting vulnerability exists in Eta. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
nodejs-json-schema: Prototype pollution vulnerability
The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...
GHSA-CV76-RV4H-4MQC OS Command Injection in proctree
OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function...