4343 matches found

CBLMariner
added 2025/01/31 10:13 p.m., 22 views

CVE-2025-23083 affecting package nodejs for versions less than 20.14.0-4

CVE-2025-23083 affecting package nodejs for versions less than 20.14.0-4. A patched version of the package is available...

CVSS 7.7, AI score 7.7, EPSS 0.00105
Exploits 0

OSSF Malicious Packages
added 2025/01/31 3:1 a.m., 3 views

Malicious code in nodejs-paypal-checkout-demo (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 909c8505097e7b62c38bde6c75bb0ba8516f566136ec093b913944bcbdd1130e Any computer that has this package installed or running should be considered...

AI score 6.8
Exploits 0, References 4

OSV
added 2025/01/29 6:42 p.m., 8 views

GHSA-XFHV-WQJ6-RX99 snowflake-sdk may incorrectly validate temporary credential cache file permissions

Issue Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux...

CVSS 4.4, AI score 4.7, EPSS 0.00022
Exploits 0, References 4

Github Security Blog
added 2025/01/29 6:42 p.m., 16 views

snowflake-sdk may incorrectly validate temporary credential cache file permissions

Issue Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux...

CVSS 5.5, AI score 4.7, EPSS 0.00022
Exploits 0, References 4, Affected Software 1

OSV
added 2025/01/29 4:59 p.m., 6 views

CVE-2025-24791 snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This...

CVSS 4.4, AI score 6.3, EPSS 0.00022
Exploits 0, References 4

Vulnrichment
added 2025/01/29 4:59 p.m., 7 views

CVE-2025-24791 snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This...

CVSS 4.4, AI score 4.6, EPSS 0.00022
Exploits 0, References 2

CVE
added 2025/01/29 4:59 p.m., 66 views

CVE-2025-24791

CVE-2025-24791 affects snowflake-connector-nodejs (Snowflake NodeJS Driver) on Linux. The vulnerability allows bypassing file permissions checks for the temporary credential cache, exploitable by an attacker with write access to the local cache directory. Affected versions are 1.12.0 through 2.0....

CVSS 5.5, AI score 4.7, EPSS 0.00022
Exploits 0, References 2, Affected Software 1

Cvelist
added 2025/01/29 4:59 p.m., 18 views

CVE-2025-24791 snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This...

CVSS 4.4, EPSS 0.00022
Exploits 0, References 2

OSV
added 2025/01/29 1:47 p.m., 7 views

SUSE-SU-2025:0284-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to 22.13.1: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 - CVE-2025-22150: Fixed insufficiently...

CVSS 7.7, AI score 6.8, EPSS 0.00605
Exploits 0, References 7

CNNVD
added 2025/01/29 12:0 a.m., 2 views

NodeJS Driver for Snowflake security vulnerability

NodeJS Driver for Snowflake is an open source NodeJS driver from Snowflake Computing. A security vulnerability exists in NodeJS Driver for Snowflake versions prior to 2.0.2: an attacker with write access to a local cache directory can bypass file permission checks in the temporar...

CVSS 5.5, AI score 6.2, EPSS 0.00022
Exploits 0, References 3

OSV
added 2025/01/28 5:15 a.m., 0 views

UBUNTU-CVE-2025-23084

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...

CVSS 5.6, AI score 5.7, EPSS 0.01289
Exploits 1, References 3

SUSE Linux
added 2025/01/24 7:33 p.m., 0 views

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.18.2: CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 CVE-2025-22150: Fixed insufficiently random...

CVSS 7.8, AI score 7, EPSS 0.00605
Exploits 0, References 12

OSV
added 2025/01/24 7:33 p.m., 29 views

SUSE-SU-2025:0237-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.18.2: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 - CVE-2025-22150: Fixed insufficiently...

CVSS 7.7, AI score 6.1, EPSS 0.00605
Exploits 0, References 7

SUSE Linux
added 2025/01/24 4:34 p.m., 1 views

Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to 18.20.6: CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici bsc1236258 Patc...

CVSS 7.4, AI score 7.3, EPSS 0.00605
Exploits 0, References 8

OSV
added 2025/01/24 4:34 p.m., 12 views

SUSE-SU-2025:0234-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to 18.20.6: - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 - CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici bsc1236258...

CVSS 6.8, AI score 6, EPSS 0.00605
Exploits 0, References 5

SUSE Linux
added 2025/01/24 4:5 p.m., 0 views

Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to 18.20.6: CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici bsc1236258 Patc...

CVSS 7.4, AI score 6.9, EPSS 0.00605
Exploits 0, References 8

SUSE Linux
added 2025/01/24 2:33 p.m., 2 views

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.18.2: CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 CVE-2025-22150: Fixed insufficiently random...

CVSS 7.8, AI score 7.1, EPSS 0.00605
Exploits 0, References 12

OSV
added 2025/01/23 12:0 a.m., 6 views

OPENSUSE-SU-2025:14687-1 nodejs-electron-33.3.2-1.1 on GA media

These are all security issues fixed in the nodejs-electron-33.3.2-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.8, AI score 8.8, EPSS 0.09429
Exploits 1, References 1

OSV
added 2025/01/22 8:15 p.m., 2 views

AZL-56022 CVE-2025-0611 affecting package nodejs18 18.20.3-11

Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.2, AI score 7.3, EPSS 0.00637
Exploits 0, References 1

OSV
added 2025/01/22 8:15 p.m., 1 views

AZL-56052 CVE-2025-0612 affecting package nodejs18 18.20.3-11

Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 7.5, AI score 5.8, EPSS 0.00861
Exploits 0, References 1