SUSE CVE-2025-23167
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...
Moderate: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Alibaba Cloud Linux 3 : 0165: nodejs:14 (ALINUX3-SA-2022:0165)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0165 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-32212: An OS Command Injection...
Alibaba Cloud Linux 3 : 0014: nodejs:14 (ALINUX3-SA-2022:0014)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0014 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-28469: This affects the package...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the SignTraits::DeriveBits function, which incorrectly invokes ThrowException based on user inputs when executing in a background thread. This allows an attacker to trigger a runtime crash. Note: The cryptographic...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ReadFileUtf8 internal binding, which fails to clean up pointers in uv_fs_s.file. UTF-16 path buffers leak memory, which can lead to denial of service. Note: CVE-2025-23122 is a...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling in the llhttp implementation, when handling HTTP/1 headers terminated with \r\n\rX instead of the required \r\n\r\n. This allows attackers to bypass proxy-based access controls and submit unauthorized requests...
Moderate: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2025-47828
Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings...
Medium: nodejs22
Issue Overview: An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITE_DBCONFIG_LOOKASIDE component (CVE-2025-29088). Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function...
Fortinet FortiClient Code Execution due to Node.JS Environment Variable (FG-IR-24-025) (macOS)
The version of FortiClient installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-025 advisory. - An improper isolation or compartmentalization vulnerability (CWE-653) in FortiClientMac version 7.4.2 and below, version...
GHSA-M7GM-V253-56HH @lumieducation/h5p-server Fails to Sanitize Plain Text Strings
Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings...
CVE-2025-47828
CVE-2025-47828 affects Lumi H5P-Nodejs-library before 9.3.3. The root cause is omission of sanitizeHtml for plain text strings, enabling potential Cross-Site Scripting (XSS) risks. Impact is limited to confidentiality and integrity with no reported availability impact; attack vector is network, w...
PT-2025-20649 · Unknown · Lumi H5P-Nodejs-Library
Name of the Vulnerable Software and Affected Versions: Lumi H5P-Nodejs-library versions prior to 9.3.3 Description: The issue is related to the omission of a sanitizeHtml call for plain text strings. This could potentially lead to security issues, although specific details about the estimated...
H5P-Nodejs-library Security Vulnerability
H5P-Nodejs-library is a collection of server-side and client-side packages open-sourced by Lumi for running H5P in Node.js back ends. A security vulnerability exists in H5P-Nodejs-library versions prior to 9.3.3, which stems from not calling sanitizeHtml on plain text strings...