4309 matches found
CVE-2025-59465 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-39333 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-HG6J-8H7M-3W3J vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-52XJ-VX8W-46QJ vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-XFGW-QCMV-354J vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2024-27982 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-GGXC-26FX-987R vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-9JWR-P39P-HWG2 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2026-21637 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2025-59466 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-WJ24-GWH6-MGH8 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-46809 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-J65R-8HRG-QC6X vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2025-55131 vulnerabilities
Vulnerabilities for packages: nodejs...
SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:0301-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0301-1 advisory. Security fixes: - CVE-2026-22036: Fixed unbounded decompression chain in HTTP response leading to resource exhaustion bsc1256848 -...
CVE-2025-57283
Node.js package browserstack-local v1.5.8 contains a command‑injection vulnerability. The logfile variable is not properly sanitized in lib/Local.js, allowing an attacker to cause arbitrary OS commands to execute when the variable is processed. Exploitation is contingent on the attacker’s ability...
NewStart CGSL MAIN 6.06 : nodejs Multiple Vulnerabilities (NS-SA-2025-0241)
The remote NewStart CGSL host, running version MAIN 6.06, has nodejs packages installed that are affected by multiple vulnerabilities: - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects...
CVE-2020-36956
Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing th...
CVE-2026-22709
vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then and Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of...
CVE-2026-22709 vm2 has a Sandbox Escape
vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then and Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of...