SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2026:1363-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1363-1 advisory. Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header

A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...

SUSE-SU-2026:1371-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

SUSE-SU-2026:1363-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

nodejs24 security update

An update is available for nodejs24. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a platform built on Chrome's JavaScript runtime for easily...

RHSA-2026:7983 Red Hat Security Advisory: nodejs:22 security update

Bulletin has no description...

HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers

CVE-2026-21637 is regarding a vulnerability in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError...

RHSA-2026:7896 Red Hat Security Advisory: nodejs:20 security update

Bulletin has no description...

Exploit for CVE-2025-69993

Leaflet XSS POC Proof of Concept for CVE-2025-69993 — XSS vul...

CVE-2026-21715 affecting package nodejs24 for versions less than 24.14.1-1

CVE-2026-21715 affecting package nodejs24 for versions less than 24.14.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-21713 affecting package nodejs24 for versions less than 24.14.1-1

CVE-2026-21713 affecting package nodejs24 for versions less than 24.14.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-21714 affecting package nodejs24 for versions less than 24.14.1-1

CVE-2026-21714 affecting package nodejs24 for versions less than 24.14.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-21710 affecting package nodejs24 for versions less than 24.14.1-1

CVE-2026-21710 affecting package nodejs24 for versions less than 24.14.1-1. An upgraded version of the package is available that resolves this issue...

RLSA-2026:7896 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...

nodejs:20 security update

An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

nodejs:20 security update

nodejs 1:20.20.2-1 - Update to version 20.20.2 Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change. Resolves: RHEL-164336 Fixes: CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547 CVE-2026-21710 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves:...

SUSE SLES15 Security Update : nodejs24 (SUSE-SU-2026:1299-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1299-1 advisory. - Update to 24.14.1 - CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling...

Oracle Linux 9 : nodejs:20 (ELSA-2026-7896)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7896 advisory. - Update to version 20.20.2 Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change. Resolves: RHEL-164336 Fixes:...

RHEL 9 : nodejs:22 (RHSA-2026:7983)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7983 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...