Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2025-1347)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1347 advisory. Use after free due to connection being cleaned up after error CVE-2025-62408 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus h...

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on...

MAL-2025-141247 Malicious code in cressida-vuepress-nconf-xml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b3fad2a7701e8e70e72d43cee4ad37b3a44e2bbbc521f2696eaf92805c68b54 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

PT-2025-36966

Name of the Vulnerable Software and Affected Versions: DuckDB versions 1.3.3 @duckdb/node-api version 1.3.3 @duckdb/node-bindings version 1.3.3 @duckdb/duckdb-wasm version 1.29.2 Description: DuckDB packages distributed for Node.js on npm were compromised with malware intended to interfere with...

nodejs:22 security update

An update is available for module.nodejs-nodemon, nodejs, nodejs-nodemon, nodejs-packaging, module.nodejs, module.nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Important Photon OS Security Update - PHSA-2025-4.0-0839

Updates of 'nodejs' packages of Photon OS have been released...

Fedora: Security Advisory (FEDORA-2025-d4cc30bdfb)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2025-0161 Updated nodejs packages fix security vulnerabilities

Corrupted pointer in node::fs::ReadFileUtf8const FunctionCallbackInfo& args when args0 is a string. CVE-2025-23165 Improper error handling in async cryptographic operations crashes process. CVE-2025-23166 Improper HTTP header block termination in llhttp. CVE-2025-23167...

Updated nodejs packages fix security vulnerabilities

Corrupted pointer in node::fs::ReadFileUtf8const FunctionCallbackInfo& args when args0 is a string. CVE-2025-23165 Improper error handling in async cryptographic operations crashes process. CVE-2025-23166 Improper HTTP header block termination in llhttp. CVE-2025-23167...

CVE-2024-37372 vulnerabilities

Vulnerabilities for packages: nodejs...

AlmaLinux 9 : nodejs:22 (ALSA-2025:7433)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7433 advisory. c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 SQLite: integer overflow in SQLite CVE-2025-3277 Tenable has extracted the preceding...

20 bug fix and enhancement update

An update is available for nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

GHSA-356R-X8G9-VH8C vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-4R2R-CF85-VMC7 vulnerabilities

Vulnerabilities for packages: nodejs...

AlmaLinux 9 : nodejs:18 (ALSA-2025:1446)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:1446 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable has...

Updated nodejs packages fix security vulnerabilities

Worker permission bypass via InternalWorker leak in diagnostics. CVE-2025-23083 GOAWAY HTTP/2 frames cause memory leak outside heap. CVE-2025-23085...

CVE-2025-23090 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2024-27980 vulnerabilities

Vulnerabilities for packages: nodejs...

Important Photon OS Security Update - PHSA-2024-5.0-0318

Updates of 'nodejs' packages of Photon OS have been released...

MGASA-2024-0110 Updated nodejs packages fix security vulnerabilities

Nodejs 20.12.1 release fixes 2 CVE: CVE-2024-27983 - Assertion failed in node::http2::Http2Session::Http2Session leads to HTTP/2 server crash- High CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - Medium...