nodejs:22 security update

nodejs 1:22.16.0-2 - Patch fix for sqlite CVE-2025-6965 Resolves: RHEL-103835 1:22.15-1-1 - Update to 22.16.0 Fixes: CVE-2025-23166 - Resolves: RHEL-91596 RHEL-92859 1:22.15.0-1 - Update to 22.15.0 - Drop upstream patches 1:22.13.1-4 - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87300...

RHEL 9 : nodejs:22 (RHSA-2025:11802)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:11802 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixe...

NewStart CGSL MAIN 7.02 : nodejs Multiple Vulnerabilities (NS-SA-2025-0123)

The remote NewStart CGSL host, running version MAIN 7.02, has nodejs packages installed that are affected by multiple vulnerabilities: - A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code...

K000152702: Node.js vulnerability CVE-2025-27209

Security Advisory Description The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can...

BIT-NODE-MIN-2025-27210

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...

BIT-NODE-2025-27210

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...

BIT-NODE-MIN-2025-27209

The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...

BIT-NODE-2025-27209

The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...

HAXcms with nodejs backend 跨站脚本漏洞

HAXcms with nodejs backend is an open source backend management system from HAX The Web. A cross-site scripting vulnerability exists in HAXcms with nodejs backend version 11.0.7 and earlier, which stems from disabling content security policies and could lead to cross-site scripting attacks...

CVE-2025-27209

A flaw was found in nodejs. The V8 component’s rapidhash implementation introduces a HashDoS vulnerability, allowing an attacker who can control the strings being hashed to trigger excessive CPU usage by generating numerous hash collisions. This exploitation vector results in an application level...

CVE-2025-27210

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2025-23166)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23166 advisory. - The C++ method SignTraits::DeriveBits May incorrectly call ThrowException based on user-supplied...

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2025-23166)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23166 advisory. - The C++ method SignTraits::DeriveBits May incorrectly call ThrowException based on user-supplied...

CVE-2025-27209

The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...

CVE-2025-27210

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...

CVE-2025-27209

The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...

CVE-2025-27210

Node.js on Windows is affected by a path.join handling vulnerability affecting drive names (CON, PRN, AUX). CVE-2025-27210 notes an incomplete fix for CVE-2025-23084, indicating Windows device-name handling was not treated as special, causing a path that should be relative to be interpreted with ...

CVE-2025-27210

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...

CVE-2025-27210

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...

CVE-2025-27209

The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...