SUSE-SU-2025:02045-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.19.2: - CVE-2025-23166: improper error handling in async cryptographic operations crashes process bsc1243218. - CVE-2025-23167: improper HTTP header block termination in llhttp bsc1243220. - CVE-2025-23165: add missing call to...

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.19.2: CVE-2025-23166: improper error handling in async cryptographic operations crashes process bsc1243218. CVE-2025-23167: improper HTTP header block termination in llhttp bsc1243220. CVE-2025-23165: add missing call to...

SUSE-SU-2025:02039-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.19.2: - CVE-2025-23166: improper error handling in async cryptographic operations crashes process bsc1243218. - CVE-2025-23167: improper HTTP header block termination in llhttp bsc1243220. - CVE-2025-23165: add missing call to...

UBUNTU-CVE-2025-50182

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

CVE-2025-50182

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

TencentOS Server 3: nodejs (TSSA-2023:0002)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0002 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

openSUSE Security Advisory (SUSE-SU-2025:01878-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 8 : nodejs:20 (ELSA-2025-8514)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8514 advisory. - Update to version 20.19.2 Fixes: CVE-2025-23166 Resolves: RHEL-91595 RHEL-89598 RHEL-92854 - Update c-ares to 1.34.5 to address CVE-2025-31498 - Update to...

Malicious code in console-color-nodejs (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-5028 Malicious code in console-color-nodejs (npm)

The package communicates with a domain associated with malicious activity...

RHSA-2025:8902 Red Hat Security Advisory: nodejs:20 security update

Bulletin has no description...

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

SUSE-SU-2025:01879-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.15.1. Security issues fixed: - CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations bsc1243218. - CVE-2025-23165: memory leak and unbounded memory growth due to...

Malicious code in javascript-heap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83e06344668ac9569d6453b98d15e492e35ad313b880f085c08f7600b977a837 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Important: nodejs22

Issue Overview: Corrupted pointer in node::fs::ReadFileUtf8const FunctionCallbackInfo& args when args0 is a string, resulting in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Info:...

@haxtheweb/create (>=0.1.3 <=25.0.0), @haxtheweb/open-apis (>=11.0.2 <=11.0.3) potentially affected by CVE-2025-49141 via @haxtheweb/haxcms-nodejs (>=0.0.13 <=11.0.15)

@haxtheweb/haxcms-nodejs NPM version =0.0.13, =0.1.3, =11.0.2, =11.0.3 Source cves: CVE-2025-49141 Source advisory: OSV:GHSA-G4CF-PP4X-HQGW...

AZL-63707 CVE-2025-5889 affecting package nodejs-nodemon 2.0.3-4

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...

AZL-63881 CVE-2025-5889 affecting package nodejs18 for versions less than 18.20.3-9

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...

@haxtheweb/create (>=0.1.3 <=11.0.2), @haxtheweb/open-apis (=11.0.2) potentially affected by CVE-2025-49139 via @haxtheweb/haxcms-nodejs (>=0.0.13 <=10.0.6)

@haxtheweb/haxcms-nodejs NPM version =0.0.13, =0.1.3, =11.0.2 - @haxtheweb/open-apis =11.0.2 Source cves: CVE-2025-49139 Source advisory: OSV:GHSA-V3PH-2Q5Q-CG88...

RHSA-2025:8514 Red Hat Security Advisory: nodejs:20 security update

Bulletin has no description...