Azure Linux 3.0 Security Update: python-jinja2 (CVE-2024-22195)

The version of python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22195 advisory. - Jinja is an extensible templating engine. Special placeholders in the template allow writing code...

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-30260)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30260 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and...

Azure Linux 3.0 Security Update: c-ares / fluent-bit / grpc / nodejs / nodejs18 / python-gevent (CVE-2024-25629)

The version of c-ares / fluent-bit / grpc / nodejs / nodejs18 / python-gevent installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25629 advisory. - c-ares is a C library for asynchronous DNS requests...

Azure Linux 3.0 Security Update: cmake / libuv / nodejs / nodejs18 / python-gevent (CVE-2024-24806)

The version of cmake / libuv / nodejs / nodejs18 / python-gevent installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24806 advisory. - libuv is a multi-platform support library with a focus on...

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-30261)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30261 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integri...

Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / edk2 / hvloader / nodejs / nodejs18 / openssl (CVE-2024-4603)

The version of cloud-hypervisor-cvm / edk2 / hvloader / nodejs / nodejs18 / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4603 advisory. - Issue summary: Checking excessively long DSA ke...

Azure Linux 3.0 Security Update: nodejs / nodejs18 / python-jinja2 (CVE-2024-34064)

The version of nodejs / nodejs18 / python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-34064 advisory. - Jinja is an extensible templating engine. The xmlattr filter in affected versions...

Azure Linux 3.0 Security Update: fluent-bit / nghttp2 / nodejs / nodejs18 (CVE-2024-28182)

The version of fluent-bit / nghttp2 / nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28182 advisory. - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 ...

Updated nodejs packages fix security vulnerabilities

Worker permission bypass via InternalWorker leak in diagnostics. CVE-2025-23083 GOAWAY HTTP/2 frames cause memory leak outside heap. CVE-2025-23085...

DEBIAN-CVE-2025-23085

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...

AZL-56519 CVE-2025-23085 affecting package nodejs for versions less than 20.14.0-5

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...

AZL-56476 CVE-2025-23085 affecting package nodejs18 for versions less than 18.20.3-3

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...

Node.js 安全漏洞

Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A security vulnerability exists in Node.js versions v18.x, v20.x, v22.x, and v23.x. The vulnerability stems from a memory leak that may occur when a remote peer suddenly closes a socket without...

Important: nodejs20

Issue Overview: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values...

Important: nodejs20

Issue Overview: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values...

ajax-request 安全漏洞

ajax-request is a nodejs HTTP request by nothing personal developer. A security vulnerability exists in ajax-request v1.2.3, which stems from the lib.post function containing a prototype contamination vulnerability...

Malicious code in sample-nodejs-vsk-with-adm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 268548cd4032a80297c2f7fd9c2e1171027f9ecf4fabcb35debfb7c1fbc0cc13 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1173 Malicious code in sample-nodejs-vsk-with-adm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 268548cd4032a80297c2f7fd9c2e1171027f9ecf4fabcb35debfb7c1fbc0cc13 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Improper Access Control

snowflake-connector-nodejs is vulnerable to Improper Access Control. The vulnerability is due to insufficient file permission checks due to an attacker with write access to the local cache directory being able to bypass temporary credential cache restrictions...

CVE-2025-23083 affecting package nodejs for versions less than 20.14.0-4

CVE-2025-23083 affecting package nodejs for versions less than 20.14.0-4. A patched version of the package is available...