4327 matches found
CVE-2025-46328 NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4 are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided...
GHSA-WMJQ-JRM2-9WFR NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
Issue: Snowflake discovered and remediated a vulnerability in the NodeJS Driver for Snowflake (“Driver”). When using the Easy Logging feature on Linux and macOS, the Driver didn’t correctly verify the permissions of the logging configuration file, potentially allowing an attacker with local access to...
NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
Issue: Snowflake discovered and remediated a vulnerability in the NodeJS Driver for Snowflake (“Driver”). When using the Easy Logging feature on Linux and macOS, the Driver didn’t correctly verify the permissions of the logging configuration file, potentially allowing an attacker with local access to...
Snowflake snowflake-connector-nodejs security vulnerability
Snowflake snowflake-connector-nodejs is a Snowflake connector for Node.js from Snowflake, Inc. A security vulnerability exists in Snowflake snowflake-connector-nodejs versions prior to 1.10.0 through 2.0.4, which stems from a TOCTOU race condition that could result in log configuration bein...
PT-2025-18122 · Snowflake · Snowflake-Connector-Nodejs
Name of the Vulnerable Software and Affected Versions: snowflake-connector-nodejs versions 1.10.0 through 2.0.4. Description: The issue concerns a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the driver reads logging configuration from...
CVE-2025-27516 affecting package nodejs for versions less than 20.14.0-7
CVE-2025-27516 affecting package nodejs for versions less than 20.14.0-7. A patched version of the package is available...
Azure Linux 3.0 Security Update: nodejs / python-jinja2 (CVE-2020-28493)
The version of nodejs / python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28493 advisory. - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is...
CVE-2020-28493 affecting package nodejs for versions less than 20.14.0-1
CVE-2020-28493 affecting package nodejs for versions less than 20.14.0-1. A patched version of the package is available...
CVE-2024-34064 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-34064 affecting package nodejs for versions less than 20.14.0-1. A patched version of the package is available...
Azure Linux 3.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-31130)
The version of c-ares / fluent-bit / grpc / nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31130 advisory. - c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a...
Malicious code in rapyd-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 824016d2b7d246c5d458bbc5e7049f1233aa5289743b511bf1c1096dba58aefd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3115 Malicious code in rapyd-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 824016d2b7d246c5d458bbc5e7049f1233aa5289743b511bf1c1096dba58aefd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fedora: Security Advisory (FEDORA-2025-9a278a7768)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] Fedora 42 Update: nodejs-nodemon-3.1.9-4.fc42
Simple monitor script for use during development of a node.js app. For use during development of a node.js based application. nodemon will watch the files in the directory in which nodemon was started, and if any files change, nodemon will automatically restart your node application. nodemon does...
Fedora 40 : nodejs-nodemon (2025-9a278a7768)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-9a278a7768 advisory. Added patch for CVE-2024-4068 rhbz2280624 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Fedora 41 : nodejs-nodemon (2025-0951177024)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-0951177024 advisory. Added patch for CVE-2024-4068 rhbz2280624 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Malicious code in nodejs-website (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78f634e9e89620bdae97a2ba6be1914334b29090ecd8c222adae9b81f2a0bbf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Azure Linux 3.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-31147)
The version of c-ares / fluent-bit / grpc / nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31147 advisory. - c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom a...
nodejs-electron-33.4.6-1.1 on GA media (moderate)
nodejs-electron-33.4.6-1.1 on GA media Announcement ID: openSUSE-SU-2025:14917-1 Rating: moderate Cross-References: CVE-2025-1920 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
CVE-2024-21890 vulnerabilities
Vulnerabilities for packages: nodejs...