
4327 matches found

Kitploit
added 2025/05/09 12:30 p.m., 60 views

Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale

Implement and monitor Appsec control at scale. Requirements NodeJS 20.13 Tested on Mac Ubuntu How to install $ git clone [email protected]:mf-labs/witcher.git $ cd witcher $ npm i Build a Docker image $ git clone [email protected]:mf-labs/witcher.git $ cd witcher $ docker build -t witch...

7.6 AI score
Exploits 0, References 2
SUSE CVE
added 2025/05/08 11:39 a.m., 1 views

SUSE CVE-2025-47153

Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size, e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the...

6.5 CVSS, 6.9 AI score, 0.00692 EPSS
Exploits 0, References 3
Tenable Nessus
added 2025/05/08 12:0 a.m., 7 views

AlmaLinux 8 : nodejs:22 (ALSA-2025:4459)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:4459 advisory. c-ares: c-ares has a use-after-free in read_answers() (CVE-2025-31498). SQLite: integer overflow in SQLite (CVE-2025-3277). Tenable has extracted the preceding...

9.8 CVSS, 7.5 AI score, 0.00651 EPSS
Exploits 0, References 4
Tenable Nessus
added 2025/05/08 12:0 a.m., 10 views

AlmaLinux 8 : nodejs:20 (ALSA-2025:4461)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:4461 advisory. c-ares: c-ares has a use-after-free in read_answers() (CVE-2025-31498). Tenable has extracted the preceding description block directly from the AlmaLinux security...

8.3 CVSS, 7.3 AI score, 0.00651 EPSS
Exploits 0, References 3
Rockylinux
added 2025/05/07 7:11 p.m., 1 views

20 bug fix and enhancement update

An update is available for nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

7.2 AI score
Exploits 0
OSV
added 2025/05/06 10:3 a.m., 3 views

RHSA-2025:4461 Red Hat Security Advisory: nodejs:20 security update

Bulletin has no description...

7 CVSS, 7.2 AI score, 0.00651 EPSS
Exploits 0, References 11
Tenable Nessus
added 2025/05/05 12:0 a.m., 10 views

Oracle Linux 8 : nodejs:22 (ELSA-2025-4459)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-4459 advisory. - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87300 Tenable has extracted the preceding description block directly from the Oracle Linux securit...

9.8 CVSS, 7.4 AI score, 0.00651 EPSS
Exploits 0, References 3
Tenable Nessus
added 2025/05/05 12:0 a.m., 6 views

Oracle Linux 8 : nodejs:20 (ELSA-2025-4461)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-4461 advisory. nodejs 1:20.19.1-1 - Update to version 20.19.1 Resolves: RHEL-78763 1:20.18.2-4 - Update c-ares to 1.34.5 to address CVE-2025-31498 Tenable has extracted the...

8.3 CVSS, 7.3 AI score, 0.00651 EPSS
Exploits 0, References 2
Fedora
added 2025/05/03 2:9 a.m., 8 views

[SECURITY] Fedora 42 Update: nodejs-pnpm-10.9.0-1.fc42

A fast, disk space efficient package manager for NodeJS...

6.5 CVSS, 7.3 AI score, 0.00063 EPSS
Exploits 1
Fedora
added 2025/05/03 1:11 a.m., 9 views

[SECURITY] Fedora 41 Update: nodejs-pnpm-10.9.0-1.fc41

A fast, disk space efficient package manager for NodeJS...

6.5 CVSS, 7.3 AI score, 0.00063 EPSS
Exploits 1
Fedora
added 2025/05/03 1:11 a.m., 13 views

[SECURITY] Fedora 40 Update: nodejs-pnpm-10.9.0-1.fc40

A fast, disk space efficient package manager for NodeJS...

6.5 CVSS, 7.3 AI score, 0.00063 EPSS
Exploits 1
Tenable Nessus
added 2025/05/03 12:0 a.m., 6 views

Fedora 40 : nodejs-bash-language-server / nodejs-pnpm (2025-f68a9b835d)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-f68a9b835d advisory. Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0 Tenable has extracted the preceding description block...

6.5 CVSS, 6.5 AI score, 0.00063 EPSS
Exploits 1, References 2
Tenable Nessus
added 2025/05/03 12:0 a.m., 3 views

Fedora 41 : nodejs-bash-language-server / nodejs-pnpm (2025-d4cc30bdfb)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-d4cc30bdfb advisory. Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0 Tenable has extracted the preceding description block...

6.5 CVSS, 6.5 AI score, 0.00063 EPSS
Exploits 1, References 2
OpenVAS
added 2025/05/02 12:0 a.m., 4 views

Debian: Security Advisory (DLA-4152-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS, 7.2 AI score, 0.00692 EPSS
Exploits 0, References 2
Debian
added 2025/05/01 10:32 p.m., 11 views

[SECURITY] [DLA 4152-1] nodejs security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4152-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 02, 2025 https://wiki.debian.org/LTS -...

6.5 CVSS, 6.5 AI score, 0.00692 EPSS
Exploits 0
OSV
added 2025/05/01 7:15 a.m., 3 views

UBUNTU-CVE-2025-47153

Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size, e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the...

6.5 CVSS, 5.8 AI score, 0.00692 EPSS
Exploits 0, References 6
OpenVAS
added 2025/04/30 12:0 a.m., 19 views

Ubuntu: Security Advisory (USN-7469-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 8.2 AI score, 0.94395 EPSS
Exploits 19, References 4
OSV
added 2025/04/29 12:50 p.m., 1 views

USN-7469-3 nodejs vulnerability

USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for Node.js. Original advisory details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issu...

7.5 CVSS, 6.7 AI score, 0.94395 EPSS
Exploits 19, References 2
Amazon
added 2025/04/29 12:0 a.m., 3 views

Medium: nodejs20

Issue Overview: c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if t...

8.3 CVSS, 6.7 AI score, 0.00651 EPSS
Exploits 0
CVE
added 2025/04/28 10:33 p.m., 71 views

CVE-2025-46328

CVE-2025-46328 affects the Snowflake Node.js driver. Versions 1.10.0 up to (but not including) 2.0.4 are vulnerable to a TOCTOU race in the Linux/macOS Easy Logging configuration check: the driver validates that the logging config file is writable only by the owner, but the check can be bypassed,...

7 CVSS, 3.9 AI score, 0.00027 EPSS
Exploits 0, References 2, Affected Software 1