Lucene search

7911 matches found

RedhatCVE
added 2025/02/05 7:35 p.m., 10 views

CVE-2022-39299

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

CVSS 8.1 | AI score 7.2 | EPSS 0.04646
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 1:49 p.m., 6 views

CVE-2020-13537

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority us...

CVSS 9.3 | AI score 6.8 | EPSS 0.00032
Exploits: 1

RedhatCVE
added 2025/02/05 1:44 p.m., 9 views

CVE-2020-13536

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority...

CVSS 9.3 | AI score 6.8 | EPSS 0.00032
Exploits: 1

RedhatCVE
added 2025/02/05 12:33 p.m., 8 views

CVE-2024-43373

webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving...

CVSS 7.8 | AI score 7.6 | EPSS 0.00209
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 11:4 a.m., 6 views

CVE-2024-21532

All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...

CVSS 7.3 | AI score 7.2 | EPSS 0.00364
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 8:36 a.m., 1 view

CVE-2024-47183

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and...

CVSS 8.1 | AI score 6.6 | EPSS 0.00384
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 7:0 a.m., 5 views

CVE-2024-32652

The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that @hono/node-server can't handle well. Invalid values are those that cannot be parsed by the URL as a hostname such as an empty...

CVSS 7.5 | AI score 7.5 | EPSS 0.00523
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 3:48 a.m., 3 views

CVE-2024-27935

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...

CVSS 8.3 | AI score 7 | EPSS 0.00396
Exploits: 1 | References: 1

Tenable Nessus
added 2025/02/05 12:0 a.m., 12 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-822)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-822 advisory. Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is...

CVSS 7.7 | AI score 6.5 | EPSS 0.00605
Exploits: 0 | References: 8

RedhatCVE
added 2025/02/04 11:16 p.m., 4 views

CVE-2024-39943

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js)...

CVSS 9.9 | AI score 7 | EPSS 0.78344
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/04 10:25 p.m., 3 views

CVE-2024-53843

@dapperduckling/keycloak-connector-server is an opinionated series of libraries for Node.js applications and frontend clients to interface with keycloak. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the authentication flow of the application. This issue arises due to...

CVSS 8.1 | AI score 7.1 | EPSS 0.0014
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/02/04 7:31 p.m., 26 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js vulnerabilities [CVE-2024-27982, CVE-2024-27983]

Summary: Potential vulnerabilities in Node.js (CVE-2024-27982, CVE-2024-27983) have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-27982...

CVSS 8.2 | AI score 7.3 | EPSS 0.75933
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/02/04 6:15 p.m., 94 views

Security Bulletin: Vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH, Linux kernel might affect IBM Spectrum Protect Plus

Summary: IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH and Linux. Vulnerabilities include, causing a denial-of-service condition, the elevation of privileges, remote execution of arbitrary code, HTTP header injection, HTML injection,...

CVSS 9.8 | AI score 10 | EPSS 0.84554
Exploits: 23 | Affected Software: 1

IBM Security Bulletins
added 2025/02/04 6:6 p.m., 53 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary: QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

CVSS 9.9 | AI score 9.7 | EPSS 0.65792
Exploits: 69 | Affected Software: 1

IBM Security Bulletins
added 2025/02/03 7:47 p.m., 13 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run Designer Flows containing event nodes are vulnerable to loss of confidentiality [CVE-2024-38372]

Summary: Node.js undici module is used by IBM App Connect Enterprise Certified Container for HTTP calls. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run Designer flows that contain event nodes are vulnerable to loss of confidentiality. This...

CVSS 2 | AI score 3.6 | EPSS 0.00355
Exploits: 0 | Affected Software: 1

OSV
added 2025/02/03 4:42 p.m., 3 views

MAL-2025-772 Malicious code in @marfeel/eslint-config-node (npm)


AI score 7.1
Exploits: 0

Fedora
added 2025/02/02 1:28 a.m., 13 views

[SECURITY] Fedora 40 Update: nodejs20-20.18.2-2.fc40

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...

CVSS 7.7 | AI score 6.7 | EPSS 0.00605
Exploits: 0

Fedora
added 2025/02/02 1:28 a.m., 13 views

[SECURITY] Fedora 40 Update: nodejs18-18.20.6-1.fc40

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...

CVSS 5.6 | AI score 5.6 | EPSS 0.01289
Exploits: 1

Fedora
added 2025/02/01 5:42 a.m., 12 views

[SECURITY] Fedora 41 Update: nodejs20-20.18.2-2.fc41

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...

CVSS 7.7 | AI score 6.9 | EPSS 0.00605
Exploits: 0

Fedora
added 2025/02/01 5:42 a.m., 15 views

[SECURITY] Fedora 41 Update: nodejs18-18.20.6-1.fc41

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...

CVSS 5.6 | AI score 5.6 | EPSS 0.01289
Exploits: 1