RHSA-2026:2422 Red Hat Security Advisory: nodejs:20 security update

Bulletin has no description...

RHSA-2026:2421 Red Hat Security Advisory: nodejs:22 security update

Bulletin has no description...

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.20.0: CVE-2026-22036: Updated undici to 6.23.0 bsc1256848 CVE-2025-59465: Add TLSSocket default error handler bsc1256573 CVE-2025-55132: Disable futimes when permission model is enabled bsc1256571 CVE-2025-55130: Require full read...

SUSE-SU-2026:0435-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: - Update to 20.20.0: - CVE-2026-22036: Updated undici to 6.23.0 bsc1256848 - CVE-2025-59465: Add TLSSocket default error handler bsc1256573 - CVE-2025-55132: Disable futimes when permission model is enabled bsc1256571 - CVE-2025-55130: Require...

nodejs:24 security update

An update is available for nodejs, nodejs-nodemon, module.nodejs-packaging, nodejs-packaging, module.nodejs, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RLSA-2026:2421 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

nodejs:20 security update

An update is available for nodejs, nodejs-nodemon, module.nodejs-packaging, nodejs-packaging, module.nodejs, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

nodejs:22 security update

An update is available for nodejs, nodejs-nodemon, module.nodejs-packaging, nodejs-packaging, module.nodejs, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVE-2026-25931

vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...

RockyLinux 8 : nodejs:22 (RLSA-2026:2421)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2421 advisory. nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service CVE-2025-594...

RockyLinux 8 : nodejs:24 (RLSA-2026:2420)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2420 advisory. nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service CVE-2025-594...

RockyLinux 8 : nodejs:20 (RLSA-2026:2422)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2422 advisory. nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service CVE-2025-594...

Oracle Linux 8 : nodejs:24 (ELSA-2026-2420)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2420 advisory. nodejs 1:24.13.0-1 - Update to 24.13.0 Resolves: RHEL-135257 1:24.4.1-1 - Initial import of nodejs:24 nodejs-nodemon 3.0.3-1 - Initial import into...

nodejs: Nodejs uninitialized memory exposure

A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...

nodejs: Nodejs filesystem permissions bypass

A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-on...

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

nodejs: Nodejs denial of service

A stack overflow flaw has been discovered in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications tha...

Important: Red Hat Security Advisory: nodejs:22 security update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

nodejs: Nodejs file permissions bypass

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

nodejs: Nodejs file permissions bypass

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...