Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Node.js

Summary There are multiple vulnerabilities in Node.js used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype...

RHEL 9 : nodejs:24 (RHSA-2026:7350)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7350 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

Node.js 安全漏洞

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Versions 20.x, 22.x, 24.x, and 25.x of Node.js have security vulnerabilities. These vulnerabilities stem from HMAC verification using a comparison that does not maintain constant time, whi...

CVE-2026-21711

creationtimestamp| type| source ---|---|--- 2026-03-25 03:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/node-js-multiple-vulnerabilities20260325 2026-03-30 20:08:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3michpvz46r2t...

CVE-2026-21710

creationtimestamp| type| source ---|---|--- 2026-03-25 03:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/node-js-multiple-vulnerabilities20260325 2026-03-27 00:05:14+00:00| seen| https://bsky.app/profile/securitylab-jp.bsky.social/post/3mhyt2m5nl22l 2026-03-30 20:17:57+00:00| seen|...

Security Bulletin: Vulnerabilities in MongoDB, Python, Node.js, Golang Go, Linux kernel affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in MongoDB, Python, Node.js, Golang Go and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, query parameter smuggling, remote execution of...

MiracleLinux 9 : nodejs:18 (AXSA:2023-6072:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6072:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check...

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There are security vulnerabilities in Node.js, stemming from defects in buffer allocation logic. These vulnerabilities may lead to uninitialized memory leaks, resulting in the disclosure o...

EUVD-2020-0627

Malware in sbrugna...

EUVD-2019-15312

Malware in sbrugna...

EUVD-2025-3118

Malicious code in bioql PyPI...

EUVD-2021-31363

Malicious code in bioql PyPI...

EUVD-2024-19503

Malicious code in bioql PyPI...

GHSA-RRJV-57MM-J6CM vulnerabilities

Vulnerabilities for packages: nodejs...

Security Bulletin: Vulnerabilities in Node.js, Angular.js, Golang Go, Java, MongoDB, Linux kernel may affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, Angular.js, Golang Go, Java, MongoDB Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, remote execution of arbitrary code on the system, and bypassing security...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js (CVE-2025-23165 & CVE-2025-23166) )

Summary IBM App Connect Enterprise is vulnerable to Missing Release of Memory after Effective Lifetime and Uncaught Exception due to Node.js. Vulnerability Details CVEID:CVE-2025-23165 DESCRIPTION: In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file...

Node.js 18.x < 18.20.6 / 20.x < 20.18.2 / 22.x < 22.13.1 / 23.x < 23.6.1 Multiple Vulnerabilities (Tuesday, January 21, 2025 Security Releases).

The version of Node.js installed on the remote host is prior to 18.20.6, 20.18.2, 22.13.1, 23.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday, January 21, 2025 Security Releases advisory. - A vulnerability has been identified in Node.js, specifically...

NewStart CGSL MAIN 7.02 : nodejs Multiple Vulnerabilities (NS-SA-2025-0123)

The remote NewStart CGSL host, running version MAIN 7.02, has nodejs packages installed that are affected by multiple vulnerabilities: - A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code...

Security Bulletin: Due to use of Nodejs Express.js, multiple vulnerabilities affect IBM Cloud Pak System[CVE-2024-43796, CVE-2024-43799, CVE-2024-43800]

Summary Multiple vulnerabilities in Send cross-site scripting XSS within the SendStream.redirect, serve-static built-in and response.redirect found in Node.js Express.js which is used by IBM Cloud Pak System. Vulnerabilities were addressed by IBM Cloud Pak System. Vulnerability Details...

Node.js 20.x < 20.19.4 / 22.x < 22.17.1 / 24.x < 24.4.1 Multiple Vulnerabilities (Tuesday, July 15, 2025 Security Releases).

The version of Node.js installed on the remote host is prior to 20.19.4, 22.17.1, 24.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday, July 15, 2025 Security Releases advisory. - The V8 release used in Node.js v24.0.0 has changed how string hashes are...