RLSA-2023:2654 Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.14.2. Security Fixes: glob-parent: Regular Expression Denial of Service...

Node.js React Server Components Unauthenticated Remote Code Execution (CVE-2025-55182)

Multiple Node.js React Server Components packages are affected by an unauthenticated remote code execution vulnerability. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0, 19.1.0, 19.1.1, 19.2.0 - react-server-dom-parcel 19.0, 19.1.0, 19.1.1, 19.2.0 -...

Malicious code in lbank-connector-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 269534d355daa221c39b34954aedea297175091aaf5ae63fec123b9bea17fa16 The package lbank-connector-nodejs was found to contain malicious code...

MAL-2025-191579 Malicious code in lbank-connector-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 269534d355daa221c39b34954aedea297175091aaf5ae63fec123b9bea17fa16 The package lbank-connector-nodejs was found to contain malicious code...

MAL-2025-191564 Malicious code in aps-simple-viewer-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a3d18d7c64f1636f4922e13d1cc9768c1516be07e755001ed729faff0a63c29 The package aps-simple-viewer-nodejs was found to contain malicious code...

Malicious code in aps-simple-viewer-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a3d18d7c64f1636f4922e13d1cc9768c1516be07e755001ed729faff0a63c29 The package aps-simple-viewer-nodejs was found to contain malicious code...

Malicious Package

Overview bcryptjs-nodejs is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package...

CVE-2025-5222 affecting package nodejs for versions less than 20.14.0-10

CVE-2025-5222 affecting package nodejs for versions less than 20.14.0-10. A patched version of the package is available...

@nmime/nestjs-asyncapi (>=2.0.0 <=2.0.7) potentially affected by unknown CVE via @asyncapi/nodejs-template (=3.0.4)

@asyncapi/nodejs-template NPM version =3.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/nodejs-template and may be impacted: - @nmime/nestjs-asyncapi =2.0.0, =2.0.7 Source cves: unknown CVE Source advisory:...

@nmime/nestjs-asyncapi (>=2.0.0 <=2.0.7) potentially affected by unknown CVE via @asyncapi/nodejs-ws-template (=0.10.0)

@asyncapi/nodejs-ws-template NPM version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/nodejs-ws-template and may be impacted: - @nmime/nestjs-asyncapi =2.0.0, =2.0.7 Source cves: unknown CVE Source advisory:...

@nmime/nestjs-asyncapi (>=2.0.0 <=2.0.7) potentially affected by unknown CVE via @asyncapi/nodejs-template (=3.0.4)

@asyncapi/nodejs-template NPM version =3.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/nodejs-template and may be impacted: - @nmime/nestjs-asyncapi =2.0.0, =2.0.7 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190718...

Malicious code in @asyncapi/nodejs-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 882d41f9612d27876945ecf55500df19a306cfac18cf244eb72f05288a51222a The package @asyncapi/nodejs-template was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190718 Malicious code in @asyncapi/nodejs-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 882d41f9612d27876945ecf55500df19a306cfac18cf244eb72f05288a51222a The package @asyncapi/nodejs-template was found to contain malicious code. Source: ghsa-malware...

Malicious code in @asyncapi/nodejs-ws-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06529fc17471f54f2c0fc317bca64f4b01fa049862dd2ce5863b33db8445b7ed The package @asyncapi/nodejs-ws-template was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-198755

Malicious code in @asyncapi/nodejs-ws-template npm...

MAL-2025-190719 Malicious code in @asyncapi/nodejs-ws-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06529fc17471f54f2c0fc317bca64f4b01fa049862dd2ce5863b33db8445b7ed The package @asyncapi/nodejs-ws-template was found to contain malicious code. Source: ghsa-malware...

body-parser 安全漏洞

body-parser is a Node.js parsing middleware open-sourced by expressjs. A security vulnerability exists in body-parser version 2.2.0, which stems from inefficient handling of URL-encoded bodies and could lead to a denial-of-service attack...

TencentOS Server 4: nodejs20 (TSSA-2025:0415)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0415 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 3: nodejs:18 (TSSA-2024:0108)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0108 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on...