AZL-56862 CVE-2025-0995 affecting package nodejs18 18.20.3-11

Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

RHSA-2025:1446 Red Hat Security Advisory: nodejs:18 security update

Bulletin has no description...

RockyLinux 9 : nodejs:18 (RLSA-2025:1446)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1446 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable has...

Oracle Linux 8 : nodejs:20 (ELSA-2025-1351)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-1351 advisory. - Update to version 20.18.2 Fixes: CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76001 RHEL-76146 - Update to 20.16.0 Fixes: CVE-2024-361...

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2025-23085)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23085 advisory. - A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY...

Oracle Linux 9 : nodejs:18 (ELSA-2025-1446)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-1446 advisory. - Update to version 18.20.6 Resolves: RHEL-76801 Fixes: CVE-2025-23085 Tenable has extracted the preceding description block directly from the Oracle...

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2025-22150)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22150 advisory. - Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and...

CVE-2024-22195 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-22195 affecting package nodejs for versions less than 20.14.0-1. A patched version of the package is available...

nodejs: Node.js Worker Thread Exposure via Diagnostics Channel

A flaw was found in the Node.js diagnosticschannel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created...

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...

Regular Expression Denial of Service (ReDoS)

Overview parse-duration is a package that converts a human readable duration to ms. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. An attacker could cause an event loop delay or trigger an out of memory error that would crash a running Node.js...

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2023-32002)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-32002 advisory. - The use of Module.load can bypass the policy mechanism and require modules outside of the...

Azure Linux 3.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-32067)

The version of c-ares / fluent-bit / grpc / nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-32067 advisory. - c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of...

Azure Linux 3.0 Security Update: nodejs / pytorch (CVE-2021-22918)

The version of nodejs / pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-22918 advisory. - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii ...

Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2023-42282)

The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-42282 advisory. - The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such ...

Mageia: Security Advisory (MGASA-2025-0041)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-28863)

The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28863 advisory. - node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the numbe...

Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs18 (CVE-2023-5363)

The version of cloud-hypervisor-cvm / hvloader / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5363 advisory. - Issue summary: A bug has been identified in the processing of key and...

Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs / nodejs18 / openssl (CVE-2023-6237)

The version of cloud-hypervisor-cvm / hvloader / nodejs / nodejs18 / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6237 advisory. - Issue summary: Checking excessively long invalid RSA...

Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-21538)

The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21538 advisory. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...