AlmaLinux 8 : nodejs:20 (ALSA-2025:8514)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8514 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the AlmaLinux securit...

AlmaLinux 9 : nodejs:22 (ALSA-2025:8467)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8467 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the AlmaLinux securit...

AlmaLinux 9 : nodejs:20 (ALSA-2025:8468)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8468 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the AlmaLinux securit...

AlmaLinux 8 : nodejs:22 (ALSA-2025:8506)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8506 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the AlmaLinux securit...

RHSA-2025:8467 Red Hat Security Advisory: nodejs:22 security update

Bulletin has no description...

nodejs: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS

A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding...

Oracle Linux 9 : nodejs:20 (ELSA-2025-8468)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8468 advisory. nodejs 1:20.19.2-1 - Update to version 20.19.2 Resolves: RHEL-92865 RHEL-88876 RHEL-91597 nodejs-nodemon nodejs-packaging Tenable has extracted the preceding...

ALSA-2025:8506 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 For more details about the security issues, including the impact, a CVSS...

RHEL 8 : nodejs:22 (RHSA-2025:8506)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8506 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

nodejs:22 security update

nodejs 1:22.15-1-1 - Update to 22.16.0 Fixes: CVE-2025-23166 - Resolves: RHEL-91596 RHEL-92859 1:22.15.0-1 - Update to 22.15.0 - Drop upstream patches 1:22.13.1-4 - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87300 1:22.13.1-3 - Update c-ares to newest version with fix for CVE-2025-31498...

RHEL 8 : nodejs:20 (RHSA-2025:8514)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8514 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

Oracle Linux 9 : nodejs:22 (ELSA-2025-8467)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8467 advisory. nodejs 1:22.16.0-1 - Update to 22.16.0 Resolves: RHEL-89600 RHEL-92872 RHEL-92420 Tenable has extracted the preceding description block directly from the Oracle...

nodejs: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS

A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding...

nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js

A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...

nodejs-electron-35.5.0-1.1 on GA media (moderate)

nodejs-electron-35.5.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15182-1 Rating: moderate Cross-References: CVE-2025-4609 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

Photon OS 4.0: Nodejs PHSA-2025-4.0-0807

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0807. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

OPENSUSE-SU-2025:15182-1 nodejs-electron-35.5.0-1.1 on GA media

These are all security issues fixed in the nodejs-electron-35.5.0-1.1 package on the GA media of openSUSE Tumbleweed...

Critical Photon OS Security Update - PHSA-2025-4.0-0807

Updates of 'nodejs', 'rubygem-nokogiri', 'libsoup', 'python3-mako', 'gobgp' packages of Photon OS have been released...

AZL-69692 CVE-2025-5222 affecting package nodejs for versions less than 20.14.0-10

A stack buffer overflow was found in Internationl components for unicode ICU . While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution...

Malicious code in logbin-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a860d6b1a8b2741117f04c81b0ef43eca85327c678e2a3a4082ea92af9d2b58 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...