MiracleLinux 7 : http-parser-2.7.1-8.el7 (AXSA:2019-4071:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4071:01 advisory. nodejs: Denial of Service with large HTTP headers CVE-2018-12121 nodejs: HTTP parser allowed for spaces inside Content-Length header values...

MiracleLinux 7 : rh-nodejs8-nodejs-8.11.4-1.el7 (AXSA:2019-3540:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3540:01 advisory. nodejs: Out of bounds OOB write via UCS-2 encoding CVE-2018-12115 Tenable has extracted the preceding description block directly from the MiracleLin...

GHSA-37V4-CWGP-X353 vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-P2WW-P57H-W5M7 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2025-23084 vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-P2WW-P57H-W5M7 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2025-23084 vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-37V4-CWGP-X353 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2024-36138 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2026-22036 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

CVE-2026-22036

Undici (HTTP/1.1 client for Node.js) contains a vulnerability in its decompression chain handling. Before versions 7.18.0 and 6.23.0, the chain can have an unbounded number of links, and the default maxHeaderSize allows a malicious server to insert thousands of compression steps, causing high CPU...

GHSA-F27J-4F6G-JP27 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2024-21892 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2024-21892 vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-F27J-4F6G-JP27 vulnerabilities

Vulnerabilities for packages: nodejs...

Enclave 安全漏洞

Enclave is an open source sandboxing software from AgentFront. A security vulnerability exists in versions prior to Enclave 2.7.0 that stems from a sandbox escape that could lead to the execution of arbitrary code in the host Node.js runtime...

📄 n8n Workflow Expression Remote Code Execution

This Metasploit module exploits a critical remote code execution vulnerability CVE-2025-68613 in the n8n workflow automation platform. The vulnerability exists in the workflow expression evaluation system where user-supplied expressions enclosed in are evaluated in an execution context that is no...

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @any-code/agent (>=0.0.1 <=0.0.16) +123 more potentially affected by CVE-2026-22817 via hono (>=4.0.0 <=4.11.3)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =1.0.2, =1.0.0, =4.0.0-alpha.28, =1.1.54, =1.1.54, =0.1.0, =0.0.4, =2.0.4 and more Source cves: CVE-2026-22817 Source advisory: SNYK:JS-HONO-14927374...

n8n Workflow Expression Remote Code Execution

This module exploits a critical remote code execution vulnerability CVE-2025-68613 in the n8n workflow automation platform. The vulnerability exists in the workflow expression evaluation system where user-supplied expressions enclosed in are evaluated in an execution context that is not...

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Overview Affected versions of this package are vulnerable to Reliance on Undefined, Unspecified, or Implementation-Defined Behavior due to a flaw in error handling when asynchooks or AsyncLocalStorage is enabled. Normally, a "Maximum call stack size exceeded" error stack overflow is catchable by...