136 matches found
GHSA-9CCP-4GJG-264G vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-WV7P-RJF3-9FR5 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-5VVM-WQC8-R5M8 vulnerabilities
Vulnerabilities for packages: nodejs...
RHEL 9 : nodejs:18 (RHSA-2025:1446)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1446 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
RHEL 9 : nodejs:20 (RHSA-2025:1443)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1443 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
ROS-20250212-15
A vulnerability in the diagnosticschannel utility of the Node.js software platform is related to incorrectly set security restrictions on diagnostic data processing. incorrectly set security restrictions when processing diagnostic data. Exploitation of the vulnerability could allow an attacker to...
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-42461 DESCRIPTION: Node.js...
CVE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...
CVE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-822)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-822 advisory. Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js vulnerabilities [ CVE-2024-27982, CVE-2024-27983]
Summary Potential vulnerabilities in Node.js CVE-2024-27982, CVE-2024-27983 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-27982...
Security Bulletin: IBM Application Modernization Accelerator is vulnerable to multiple vulnerabilities found in Java and Node.js
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator CVE-2024-52798, CVE-2024-21538, CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917, CVE-2024-47764. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION:...
SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2025:0232-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0232-1 advisory. Update to 20.18.2: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 -...
Node.js < 18.20.6, 20.x < 20.18.2, 21.x < 22.13.1, 23.x < 23.6.1 Multiple Vulnerabilities - Windows
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
Node.js < 18.20.6, 20.x < 20.18.2, 21.x < 22.13.1, 23.x < 23.6.1 Multiple Vulnerabilities - Mac OS X
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
CVE-2025-23090 vulnerabilities
Vulnerabilities for packages: nodejs...
Node.js 18.x < 18.20.6 / 20.x < 20.18.2 / 22.x < 22.13.1 / 23.x < 23.6.1 Multiple Vulnerabilities (Tuesday, January 21, 2025 Security Releases).
The version of Node.js installed on the remote host is prior to 18.20.6, 20.18.2, 22.13.1, 23.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday, January 21, 2025 Security Releases advisory. - A memory leak could occur when a remote peer abruptly closes the...
Security Bulletin: Vulnerabilities in Node.js Elliptic module may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential information disclosure vulnerabilities has been identified related toNode.js Elliptic module that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details...
BIT-NODE-MIN-2022-32213
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...
Amazon Linux 2022 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2022-2022-013)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-013 advisory. An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations a...