CVE-2025-47153

Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs20.19.0+dfsg-2i386.deb for Debian GNU/Linux, have an inconsistent offt size e.g., building on i386 Debian always uses FILEOFFSETBITS=64 for the libuv dynamic library, but uses the...

CVE-2025-47153

CVE-2025-47153 concerns build-time handling on 32-bit systems (i386) where libuv binaries and Node.js binaries are built with inconsistent off_t sizing. Specifically, 32-bit Debian builds may set _FILE_OFFSET_BITS=64 for the libuv dynamic library but rely on the system default (32) for nodejs, ca...

Node.js 安全漏洞

Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A security vulnerability exists in Node.js that stems from an inconsistent offt size, which could lead to out-of-bounds access...

Debian dla-4152 : libnode-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4152 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4152-1 [email protected] https://www.debian.org/lts/security/...

PT-2025-18371 · Libuv +2 · Libuv +2

Name of the Vulnerable Software and Affected Versions: libuv and Node.js versions prior to nodejs 20.19.0+dfsg-2 i386.deb Description: The issue arises from certain build processes for libuv and Node.js on 32-bit systems, where the off t size is inconsistent. This inconsistency occurs because the...

Security Bulletin: IBM Spectrum Symphony with Node.js various security issues

Summary IBM Spectrum Symphony with Node.js various security issues Vulnerability Details CVEID:CVE-2023-23920 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request using ICUDATA...

USN-7469-3: Node.js vulnerability

USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for Node.js. Original advisory details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issu...

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Node.js

Summary Vulnerabilities in Node.js such as remote attacker bypass security restrictions may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-30581 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of proto in...

Security Bulletin: IBM Security Verify Information Queue discloses sensitive information in source code (CVE-2021-20407)

Summary The source code for a Node.js package used by IBM Security Verify Information Queue ISIQ includes the email address of one of the developers of the package. As of v10.0.0, ISIQ is now hiding this sensitive information. Vulnerability Details CVEID:CVE-2021-20407 DESCRIPTION: IBM Security...

Security Bulletin: Multiple Vulnerabilities in IBM webMethods Integration

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Integration 11.1 Vulnerability Details CVEID:CVE-2024-34397 DESCRIPTION: GNOME GLib could allow a remote attacker to conduct spoofing attacks, caused by a flaw when a GDBus-based client subscribes to...

Node.js Test CI Security Incident

Node.js Test CI Security Incident Update 23-April-2025 Node.js Test CI Security Incident – Full Disclosure Summary On March 21, 2025, we received a security report via HackerOne link restricted at time of writing, detailing a successful compromise of several Node.js test CI hosts. According to th...

Exploit for Improper Access Control in Rejetto Http_File_Server

Node.js HFS 명령어 실행 취약점 CVE-2024-39943 화이트햇 스쿨 3기 – 노정민 @...

CVE-2025-32442

Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a slightly altered content type such as...

CVE-2025-32442 Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass

Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a slightly altered content type such as...

CVE-2025-32442 Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass

Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a slightly altered content type such as...

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing ...

Exploit for CVE-2025-29775

SAMLStorm CVE-2025-29775 Lab Environment !Educationalhtt...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules axios and xml-crypto (CVE-2025-27152, CVE-2025-29774, CVE-2025-29775 and CVE-2024-57965)

Summary IBM App Connect Enterprise runtime, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to multiple vulnerabilities due to Node.js modules axios and xml-crypto. Vulnerability Details CVEID:CVE-2025-27152...

Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, Microsoft Defender Experts DEX has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration. While traditional scripting languages like Python, PHP, and...

Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to denial of service due to Node.js, isaacs node-tar, ShowdownJS

Summary IBM Fusion HCI and IBM Fusion's graphical user interface are vulnerable to a denial of service due to Node.js, isaacs node-tar, and ShowdownJS. CVE-2024-4068, CVE-2024-28863, CVE-2024-1899. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a...