[SECURITY] [DLA 4598-1] nodejs security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4598-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 24, 2026 https://wiki.debian.org/LTS -...

RLSA-2026:7896 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...

nodejs:22 security update

An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Updated nodejs packages fix security vulnerabilities

Incomplete fix for CVE-2026-21637: loadSNI in tlswrap.js lacks try/catch leading to Remote DoS. CVE-2026-21637 Denial of Service via proto header name in req.headersDistinct Uncaught TypeError crashes Node.js process. CVE-2026-21710 Timing side-channel in HMAC verification via memcmp in...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via FileHandle.chmod or FileHandle.chown functions which can use a "read-only" file descriptor to change the owner and permissions of a file. Notes: - This is only exploitable for users using the experimental...

RLSA-2026:2783 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

nodejs:24 security update

An update is available for nodejs, nodejs-nodemon, module.nodejs-packaging, nodejs-packaging, module.nodejs, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

ALSA-2026:1843 Important: nodejs22 security update

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. The vulnerability, tracked as CVE-2026-22709 , carries a CVSS score of 9.8 out of 10.0 on...

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Version v25 of Node.js contains a security vulnerability. This vulnerability stems from a flaw in the permission model, allowing Unix domain sockets to bypass network restrictions. This...

nodejs:18 security update

An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

EUVD-2019-0330

Malware in sbrugna...

RockyLinux 8 : nodejs:20 (RLSA-2025:4461)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:4461 advisory. c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 Tenable has extracted the preceding description block directly from the RockyLinux security...

Important: Red Hat Security Advisory: nodejs:22 security update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2025-54137

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2025-47279)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-47279 advisory. - Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applicatio...

Photon OS 4.0: Nodejs PHSA-2025-4.0-0820

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0820. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RHSA-2025:8467 Red Hat Security Advisory: nodejs:22 security update

Bulletin has no description...

[ASA-202505-8] nodejs-lts-iron: multiple issues

Arch Linux Security Advisory ASA-202505-8 ========================================= Severity: High Date : 2025-05-18 CVE-ID : CVE-2025-23165 CVE-2025-23166 CVE-2025-23167 Package : nodejs-lts-iron Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2873 Summary ======= T...

RHSA-2025:4461 Red Hat Security Advisory: nodejs:20 security update

Bulletin has no description...