
4309 matches found

Rockylinux
added 2025/12/20 9:3 a.m. | 4 views

nodejs:16 security, bug fix, and enhancement update

An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

9.8 CVSS | 6.9 AI score | 0.00598 EPSS
Exploits 2

Rockylinux
added 2025/12/20 9:3 a.m. | 2 views

nodejs:18 security, bug fix, and enhancement update

An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

9.8 CVSS | 6.9 AI score | 0.00598 EPSS
Exploits 2

OSV
added 2025/12/20 9:3 a.m. | 7 views

RLSA-2023:5362 Important: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18. BZ2234409 Security Fixes: nodejs: Permissions policies can be bypassed via...

8.8 CVSS | 6.8 AI score | 0.00598 EPSS
Exploits 2 | References 5

Tenable Nessus
added 2025/12/20 12:0 a.m. | 3 views

RockyLinux 8 : nodejs:18 (RLSA-2023:5362)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5362 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs-semver: Regular expression denial of service CVE-2022-25883 nodejs:...

9.8 CVSS | 7.2 AI score | 0.00598 EPSS
Exploits 2 | References 9

Tenable Nessus
added 2025/12/20 12:0 a.m. | 2 views

RockyLinux 8 : nodejs:16 (RLSA-2023:5360)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5360 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs-semver: Regular expression denial of service CVE-2022-25883 nodejs:...

9.8 CVSS | 7.2 AI score | 0.00598 EPSS
Exploits 2 | References 9

RedhatCVE
added 2025/12/19 8:18 p.m. | 2 views

CVE-2023-53940

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js child_process module when the fil...

8.4 CVSS | 7.8 AI score | 0.00018 EPSS
Exploits 0 | References 1

OSSF Malicious Packages
added 2025/12/19 4:20 p.m. | 5 views

Malicious code in ddos-gacor-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32622783fe9401d4c567f638a03e43b4559383e7f853ff0457f7f301420f95e9 The package ddos-gacor-v2 was found to contain malicious code. Source: ghsa-malware 3192709ec1aa7bcf745ab018eb8d6a537ace33453acda64299ef30193f8d64a9...

6.9 AI score
Exploits 0 | References 1

Hacker One
added 2025/12/15 9:31 a.m. | 10 views

Node.js: Node.js permission model bypass via unchecked Unix Domain Socket connections (UDS)

A flaw was discovered in Node.js's permission model that allowed Unix Domain Socket UDS connections to bypass network restrictions when --permission was enabled. Even without --allow-net, attacker-controlled inputs could connect to arbitrary local sockets via net, tls, or undici/fetch, breaking t...

10 CVSS | 5.7 AI score | 0.00023 EPSS
Exploits 1

Hacker One
added 2025/12/13 4:49 p.m. | 12 views

Node.js: Missing AES-GCM Authentication Tag Validation and Improper Deprecation Handling

Summary: In Node.js' crypto module, the createDecipheriv states that "the authTagLength option defaults to 16 bytes and must be set to a different value if a different length is used." here The authentication tag's length is however not validated against that default value and can be truncated do...

7.3 AI score
Exploits 0

Tenable Nessus
added 2025/12/12 12:0 a.m. | 5 views

Node.js React Server Components Denial of Service (CVE-2025-67779)

Multiple Node.js React Server Components packages are affected by a denial of service vulnerability. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0.2, 19.1.3, 19.2.2 - react-server-dom-parcel 19.0.2, 19.1.3, 19.2.2 - react-server-dom-turbopack 19.0.2,...

7.5 CVSS | 6.2 AI score | 0.01646 EPSS
Exploits 3 | References 2

RedHat Linux
added 2025/12/10 6:0 p.m. | 3 views

axios: Axios DoS via lack of data size check

A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory Buffer/Blob and returns a synthetic 200 response. This path...

7.5 CVSS | 7.1 AI score | 0.00257 EPSS
Exploits 1 | References 8

Packet Storm
added 2025/12/10 12:0 a.m. | 145 views

is-localhost-ip 2.0.0 Restriction Bypass

is-localhost-ip version 2.0.0 suffers from a restriction bypass vulnerability. Title: is-localhost-ip 2.0.0 Restriction Bypass | Author: indoushka | ...

6.9 CVSS | 7 AI score | 0.00065 EPSS
Exploits 2

OSV
added 2025/12/04 6:45 p.m. | 1 views

CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...

7.5 CVSS | 6.7 AI score | 0.00012 EPSS
Exploits 1 | References 4

Rockylinux
added 2025/12/04 9:5 a.m. | 11 views

nodejs:18 security update

An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

7.5 CVSS | 7.5 AI score | 0.94395 EPSS
Exploits 19

OSV
added 2025/12/04 9:3 a.m. | 7 views

RLSA-2023:5869 Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A Rocky Enterprise Software Foundati...

7.5 CVSS | 7.3 AI score | 0.94395 EPSS
Exploits 19 | References 5

Rockylinux
added 2025/12/04 9:3 a.m. | 6 views

nodejs:18 security update

An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

7.5 CVSS | 7.5 AI score | 0.94395 EPSS
Exploits 19

Tenable Nessus
added 2025/12/04 12:0 a.m. | 4 views

RockyLinux 8 : nodejs:18 (RLSA-2023:5869)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5869 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A Rocky Enterprise Software Foundation...

7.5 CVSS | 7.3 AI score | 0.94395 EPSS
Exploits 19 | References 9

Tenable Nessus
added 2025/12/04 12:0 a.m. | 1 views

RockyLinux 9 : nodejs:18 (RLSA-2023:2654)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2654 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in config_sortlist due to missing string length check CVE-2022-49...

8.6 CVSS | 7.1 AI score | 0.00416 EPSS
Exploits 5 | References 17

Tenable Nessus
added 2025/12/04 12:0 a.m. | 5 views

RockyLinux 9 : nodejs:18 (RLSA-2023:5849)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5849 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: integrity checks according to...

7.5 CVSS | 7.3 AI score | 0.94395 EPSS
Exploits 19 | References 9

Rockylinux
added 2025/12/03 9:5 a.m. | 9 views

nodejs:18 security, bug fix, and enhancement update

An update is available for nodejs-packaging, module.nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform...

8.6 CVSS | 7.8 AI score | 0.00416 EPSS
Exploits 5