4309 matches found
Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2025-1348)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1348 advisory. Use after free due to connection being cleaned up after error (CVE-2025-62408). Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus h...
CVE-2024-14020
A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...
CVE-2019-12047
Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by child_process.exec and the "...
Medium: nodejs24
Issue Overview: Use after free due to connection being cleaned up after error (CVE-2025-62408). Affected Packages: nodejs24. Issue Correction: Run dnf update nodejs24 --releasever 2023.10.20260105 or dnf update --advisory ALAS2023-2025-1348 --releasever 2023.10.20260105 to update your system. More...
Medium: nodejs22
Issue Overview: Use after free due to connection being cleaned up after error (CVE-2025-62408). Affected Packages: nodejs22. Issue Correction: Run dnf update nodejs22 --releasever 2023.10.20260105 or dnf update --advisory ALAS2023-2025-1347 --releasever 2023.10.20260105 to update your system. More...
Medium: nodejs20
Issue Overview: Use after free due to connection being cleaned up after error (CVE-2025-62408). Affected Packages: nodejs20. Issue Correction: Run dnf update nodejs20 --releasever 2023.10.20260105 or dnf update --advisory ALAS2023-2025-1346 --releasever 2023.10.20260105 to update your system. More...
PT-2026-1548
Name of the Vulnerable Software and Affected Versions: carboneio carbone versions prior to 3.5.6. Description: A weakness exists in carboneio carbone up to version fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. The issue resides in the Formatter Handler component, specifically within the file lib/input.j...
Atlassian Confluence < 9.2.6 / 9.3.x < 9.4.0 / < 9.4.0 / 9.5.x < 9.5.2 / 10.0.x < 10.0.2 / 10.1.0 (CONFSERVER-101488)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101488 advisory. - The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable...
PT-2026-1337
Name of the Vulnerable Software and Affected Versions: Anthropic's MCP TypeScript SDK versions up to and including 1.25.1. Description: The software contains a regular expression denial of service (ReDoS) issue within the UriTemplate class when handling RFC 6570 exploded array patterns. The dynamicall...
PT-2026-1342
Name of the Vulnerable Software and Affected Versions: jsPDF versions prior to 4.0.0. Description: jsPDF, a JavaScript library for generating PDFs, has a critical flaw in its Node.js builds. Prior to version 4.0.0, the loadFile, addImage, html, and addFont methods are susceptible to local file...
Exploit for Code Injection in Symfony Twig
Successful Errors: New Code Injection and SSTI Techniques !R...
Exploit for Deserialization of Untrusted Data in Facebook React
Affected Versions |Component|Recommended Installation Version...
PT-2026-28317
Name of the Vulnerable Software and Affected Versions: Node.js versions 20.x through 25.x. Description: A flaw exists in Node.js HMAC verification where a non-constant-time comparison is used when validating signatures provided by a user. This could potentially leak timing information proportional t...
PT-2026-28318
Name of the Vulnerable Software and Affected Versions: Node.js versions 20 through 25. Description: A memory leak can occur in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The...
PT-2026-28316
Name of the Vulnerable Software and Affected Versions: Node.js versions 20.x, 22.x, 24.x and v25.x. Description: A flaw in Node.js HTTP request handling results in an uncaught TypeError when a request includes a header named __proto__ and the application accesses req.headersDistinct. Specifically, dest"...
PT-2026-3360
Name of the Vulnerable Software and Affected Versions: Node.js (affected versions not specified). Description: A flaw in Node.js TLS error handling can allow remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thro...
CVE-2025-15284
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., a[]=value). This bypasses the arrayLimit option, which is designed to limit the size of...
CVE-2025-69211
Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...
Node.js: TLS PSK/ALPN Callback Exceptions Bypass Error Handlers, Causing DoS and FD Leak
A flaw was discovered in Node.js TLS error handling that allowed remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback were in use. Synchronous exceptions thrown during these callbacks bypassed standard TLS error handling paths, causing either immediate...
nodejs:18 security, bug fix, and enhancement update
An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...