Fedora 40 : nodejs-nodemon (2025-9a278a7768)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-9a278a7768 advisory. Added patch for CVE-2024-4068 rhbz2280624 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Fedora 41 : nodejs-nodemon (2025-0951177024)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-0951177024 advisory. Added patch for CVE-2024-4068 rhbz2280624 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

AZL-44562 CVE-2024-4068 affecting package nodejs-nodemon 2.0.3-5

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...

AZL-43534 CVE-2022-25883 affecting package nodejs-nodemon 2.0.3-4

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...

AZL-44826 CVE-2016-10539 affecting package nodejs-nodemon 2.0.3-5

negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...