Moderate: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 For more details about the security issues, including the impact, a CVSS score,...

Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 SQLite: integer overflow in SQLite CVE-2025-3277 For more details about the...

DLA-4152-1 nodejs - security update

Bulletin has no description...

Security Bulletin: IBM Controller is affected by vulnerabilities

Summary There are vulnerabilities in IBM® Websphere Application Server Liberty and Open-Source Software OSS components used by IBM Controller. Additionally, due to weak password requirements, IBM Controller is susceptible to compromised user accounts. Please refer to the table in the Related...

CVE-2025-29774

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...

CVE-2024-28607

CVE-2024-28607 affects the ip-utils package for Node.js up to version 2.4.0. The root cause is a faulty isPrivate check that can misclassify certain IPs (e.g., 0x7f.1) as globally routable, enabling SSRF. Documented impacts are SSRF risk; no explicit remediation or patch/version guidance is prese...

Linux Distros Unpatched Vulnerability : CVE-2024-22020

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code...

Linux Distros Unpatched Vulnerability : CVE-2023-32006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This...

Linux Distros Unpatched Vulnerability : CVE-2021-33502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has...

RLSA-2025:1613 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...

nodejs:22 security update

An update is available for module.nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

RLSA-2025:1582 Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...

nodejs:22 security update

An update is available for module.nodejs-packaging, nodejs-nodemon, nodejs-packaging, module.nodejs-nodemon, nodejs, module.nodejs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RLSA-2025:1611 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...

[SECURITY] [DLA 4067-1] nodejs security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4067-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès February 25, 2025 https://wiki.debian.org/LTS -...

DLA-4067-1 nodejs - security update

Bulletin has no description...

nodejs:22 security update

nodejs 1:22.13.1-1 - Update to version 22.13.1 Fixes CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76354 1:22.11.0-1 - Update to version 22.11.0 22.4.1-4 - Initial import of nodeJS 22 nodejs-nodemon nodejs-packaging...

Important: Red Hat Security Advisory: nodejs:22 security update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: nodejs:18 security update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHSA-2025:1522 Red Hat Security Advisory: nodejs:20 security update

Bulletin has no description...