CVE-2025-25283
parse-duration is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...
RHSA-2025:1443 Red Hat Security Advisory: nodejs:20 security update
Bulletin has no description...
RHEL 9 : nodejs:18 (RHSA-2025:1446)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1446 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
nodejs:20 security update
nodejs 1:20.18.2 - Update to version 20.18.2 Fixes: CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76363 RHEL-76554 RHEL-76540 1:20.18.1-1 - Update to version 20.18.1 nodejs-nodemon nodejs-packaging...
nodejs:18 security update
nodejs 1:18.20.6-1 - Update to version 18.20.6 Resolves: RHEL-76801 Fixes: CVE-2025-23085 1:18.20.4-1 - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 nodejs-nodemon nodejs-packaging...
CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2024-22020)
The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22020 advisory. - A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-netwo...
RHEL 9 : nodejs:20 (RHSA-2025:1443)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1443 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
Oracle Linux 9 : nodejs:20 (ELSA-2025-1443)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-1443 advisory. - Update to version 20.18.2 Fixes: CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76363 RHEL-76554 RHEL-76540 Tenable has extracted the...
Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-21892)
The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21892 advisory. - On Linux, Node.js ignores certain environment variables if those may have been set by an...
RockyLinux 9 : nodejs:20 (RLSA-2025:1443)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1443 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083 nodejs:...
nodejs:20 security update
An update is available for module.nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...
nodejs:18 security update
An update is available for module.nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...
RLSA-2025:1443 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...
RLSA-2025:1446 Moderate: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...
22 bug fix and enhancement update
An update is available for module.nodejs-packaging, nodejs-nodemon, nodejs-packaging, module.nodejs-nodemon, nodejs, module.nodejs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
nodejs:20 security update
An update is available for module.nodejs-packaging, nodejs-nodemon, nodejs-packaging, module.nodejs-nodemon, nodejs, module.nodejs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RLSA-2025:1351 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...
Moderate: Red Hat Security Advisory: nodejs:18 security update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap
A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an...