MiracleLinux 9 : nodejs:18 (AXSA:2024-8154:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8154:01 advisory. nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...

MiracleLinux 8 : nodejs:12 (AXSA:2020-282:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-282:01 advisory. ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 Modularity name: nodejs Stream name: 12 Tenable has extracted the preceding description block...

MiracleLinux 7 : rh-nodejs12-nodejs-nodemon-2.0.3-2.el7, rh-nodejs12-nodejs-12.22.2-1.el7 (AXSA:2021-2259:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2259:02 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 nodejs-ssri: Regular expression DoS ReDoS...

MiracleLinux 9 : nodejs:18 (AXSA:2023-6463:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6463:01 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs-semver: Regular expression denial of service CVE-2022-25883 nodej...

MiracleLinux 7 : rh-nodejs12-nodejs-12.18.2-1.el7 (AXSA:2020-219:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-219:03 advisory. ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 nodejs-minimist:...

MiracleLinux 8 : nodejs:12 (AXSA:2021-1495:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1495:01 advisory. nodejs-mixin-deep: prototype pollution in function mixin-deep CVE-2019-10746 nodejs-set-value: prototype pollution in function set-value...

MiracleLinux 7 : rh-nodejs14-nodejs-14.15.4-2.el7 (AXSA:2021-1397:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1397:01 advisory. nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS CVE-2020-7754 nodejs-y18n: prototype pollution...

MiracleLinux 7 : rh-nodejs10-nodejs-10.23.1-2.el7 (AXSA:2021-1479:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1479:01 advisory. libuv: buffer overflow in realpath CVE-2020-8252 nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS...

MiracleLinux 8 : nodejs:16 (AXSA:2023-5262:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5262:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check...

MiracleLinux 9 : nodejs-nodemon-2.0.20-3.el9, nodejs-16.19.1-1.el9 (AXSA:2023-6037:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6037:02 advisory. c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-4904 http-cache-semantics: Regular Expression Denial of Servic...

MiracleLinux 8 : nodejs:18 (AXSA:2022-4480:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4480:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

MiracleLinux 9 : nodejs:18 (AXSA:2023-4944:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4944:01 advisory. nodejs-minimatch: ReDoS via the braceExpand function CVE-2022-3517 nodejs: DNS rebinding in inspect via invalid octal IP address CVE-2022-43548...

Code injection vulnerability in binary-parser library

Overview The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public...

MiracleLinux 7 : rh-nodejs10-nodejs-10.19.0-1.el7 (AXSA:2020-4479:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4479:01 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header CVE-2019-15605 nodejs: Remotely trigger an assertion on a TLS server with a...

MiracleLinux 8 : nodejs:10 (AXSA:2020-760:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-760:01 advisory. nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 nodejs-minimist: prototype pollution allows adding or modifying properties of...

MiracleLinux 8 : nodejs:10 (AXSA:2021-1558:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1558:01 advisory. nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 nodejs: DNS rebinding in --inspect CVE-2021-22884 Tenable has...

MGASA-2026-0009 Updated nodejs packages fix security vulnerabilities

Node.js HTTP/2 server crashes with unhandled error when receiving malformed HEADERS frame. CVE-2025-59465 Uncatchable "Maximum call stack size exceeded" error on Node.js via asynchooks leads to process crashes bypassing error handlers. CVE-2025-59466 Bypass File System Permissions using crafted...

Updated nodejs packages fix security vulnerabilities

Node.js HTTP/2 server crashes with unhandled error when receiving malformed HEADERS frame. CVE-2025-59465 Uncatchable "Maximum call stack size exceeded" error on Node.js via asynchooks leads to process crashes bypassing error handlers. CVE-2025-59466 Bypass File System Permissions using crafted...

SUSE CVE-2026-22036

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

@blockchain-lab-um/ssi-snap (>=1.0.3 <=1.0.7), @i3m/base-wallet (>=1.1.0 <=2.6.1) +50 more potentially affected by unknown CVE via @veramo/data-store (>=0.0.42 <=5.6.0)

@veramo/data-store NPM version =0.0.42, =1.0.3, =1.1.0, =1.1.0, =1.2.0, =1.1.0, =0.2.0, =1.0.0, =1.5.0, =1.5.1, =0.0.1, =0.11.1-next.4, =0.2.1-next.13, =0.8.1-next.272, =0.11.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-38CW-85XC-XR9X...