7911 matches found
OESA-2025-1519 nodejs security update
Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js...
CVE-2025-47279
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, th...
AZL-61895 CVE-2025-47279 affecting package nodejs18 for versions less than 18.20.3-6
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, th...
CVE-2025-47279
CVE-2025-47279 — Undici (Node.js HTTP/1.1 client) : A memory leak can occur in webhook-like usage when an attacker runs a server with an invalid TLS certificate and forces repeated webhook calls. The issue is fixed in Undici versions 5.29.0, 6.21.2, and 7.5.0. As a workaround, avoid calling a web...
CVE-2025-47279 undici Denial of Service attack via bad certificate data
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, th...
CVE-2025-47279 undici Denial of Service attack via bad certificate data
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, th...
CVE-2025-47279
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, th...
Node.js 20.x < 20.19.2 / 22.x < 22.15.1 / 22.x < 22.15.1 / 23.x < 23.11.1 / 24.x < 24.0.2 Multiple Vulnerabilities (Wednesday, May 14, 2025 Security Releases).
The version of Node.js installed on the remote host is prior to 20.19.2, 22.15.1, 22.15.1, 23.11.1, 24.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the Wednesday, May 14, 2025 Security Releases advisory. - In Node.js, the ReadFileUtf8 internal binding leaks memory...
RHSA-2025:7537 Red Hat Security Advisory: nodejs:20 security update
Bulletin has no description...
RHSA-2025:7433 Red Hat Security Advisory: nodejs:22 security update
Bulletin has no description...
RHSA-2025:7426 Red Hat Security Advisory: nodejs:20 security update
Bulletin has no description...
Wednesday, May 14, 2025 Security Releases
Wednesday, May 14, 2025 Security Releases Security releases available Updates are now available for the 24.x, 23.x, 22.x, 20.x Node.js release lines for the following issues. Improper error handling in async cryptographic operations crashes process CVE-2025-23166 - high The C++ method...
Alibaba Cloud Linux 3 : 0056: nodejs:14 (ALINUX3-SA-2021:0056)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0056 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-22918: Node.js before 16.4.1,...
Alibaba Cloud Linux 3 : 0072: nodejs:14 (ALINUX3-SA-2021:0072)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0072 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-22930: RESERVED This candidate ha...
GLSA-202505-11 : Node.js: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202505-11 Node.js: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
RHEL 9 : nodejs:20 (RHSA-2025:7537)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7537 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...
Alibaba Cloud Linux 3 : 0022: nodejs:14 (ALINUX3-SA-2021:0022)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0022 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-10531: An issue was discovered in...
Alibaba Cloud Linux 3 : 0247: nodejs:20 (ALINUX3-SA-2024:0247)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0247 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-39331: A previously disclosed...
Node.js: Multiple Vulnerabilities
Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...
Alibaba Cloud Linux 3 : 0026: nodejs:14 (ALINUX3-SA-2023:0026)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0026 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-44906: Minimist =1.2.5 is...