18 matches found
GHSA-6R7G-3MM3-FHW7 vulnerabilities
Vulnerabilities for packages: nodejs...
Important Photon OS Security Update - PHSA-2026-5.0-0814
Updates of 'nodejs' packages of Photon OS have been released...
Node.js Multiple Packages Embedded Malicious Code (CVE-2025-54313)
Multiple nodejs packages were embedded with malicious code. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows. The following nodejs packages and versions are affected: - @pkgr/core 0.2.8 - eslint-config-prettier 8.10.1, 9.1.1, 10.1.6,...
Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791"
Summary IBM Maximo Application Suite uses multiple Node.js packages which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791". This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...
CVE-2024-37372 vulnerabilities
Vulnerabilities for packages: nodejs...
Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway
Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a...
CVE-2025-23089 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-QV9X-C8C9-RPR8 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-FM6V-WMJP-5RXQ vulnerabilities
Vulnerabilities for packages: nodejs...
MGASA-2025-0041 Updated nodejs packages fix security vulnerabilities
Worker permission bypass via InternalWorker leak in diagnostics. CVE-2025-23083 GOAWAY HTTP/2 frames cause memory leak outside heap. CVE-2025-23085...
CVE-2025-23083 vulnerabilities
Vulnerabilities for packages: nodejs...
Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway
Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to...
RHSA-2016:1380 Red Hat Security Advisory: nodejs010-node-gyp and nodejs010-nodejs-qs security and bug fix update
Bulletin has no description...
MGASA-2022-0422 Updated nodejs packages fix security vulnerability
DNS rebinding in --inspect via invalid octal IP address CVE-2022-43548 In addition, 14.21.0 has provided the following changes: deps update corepack to 0.14.2 Node.js GitHub Bot 44775 src add --openssl-shared-config option Daniel Bevenius 43124...
proctree 操作系统命令注入漏洞
proctree is used to get or display the process tree. A security vulnerability exists in proctree 0.1.1 and earlier versions, which stems from the vulnerability of Node.js packages to a command injection attack that can be exploited by an attacker to remotely execute code on a machine running...
MGASA-2021-0592 Updated nodejs packages fix security vulnerability
HTTP Request Smuggling due to spaces in headers. The http parser accepts requests with a space SP right after the header name before the colon. This can lead to HTTP Request Smuggling HRS. CVE-2021-22959 HTTP Request Smuggling when parsing the body. The parse ignores chunk extensions when parsing...
MGASA-2021-0394 Updated nodejs packages fix security vulnerability
Updated nodejs packages fix security vulnerability: Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior CVE-2021-22930...
MGASA-2020-0372 Updated nodejs packages fix security vulnerabilities
The nodejs package has been updated to the latest version in the 10.x branch, which is 10.22.1 at this time. It fixes several security issues and other bugs. See the upstream changelog and advisories for details...