Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
219
security advisorydenial of serviceimportantRocky Linux 9 Node.js Significant Upgrade Announcement RLSA-2026-2786
Important: nodejs:24 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:2781", "synopsis": "Important: nodejs:24 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nodejs, nodejs-nodemon, module.nodejs-packaging, nodejs-packaging, module.nodejs, module.nodejs-nodemon.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)\n\n* nodejs: Nodejs denial of service (CVE-2026-21637)\n\n* nodejs: Nodejs denial of service (CVE-2025-59466)\n\n* nodejs: Nodejs denial of service (CVE-2025-59465)\n\n* nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)\n\n* nodejs: Nodejs file permissions bypass (CVE-2025-55130)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2431338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338", "description": ""}, {"ticket": "2431340", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340", "description": ""}, {"ticket": "2431343", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431343", "description": ""}, {"ticket": "2431349", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431349", "description": ""}, {"ticket": "2431350", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350", "description": ""}, {"ticket": "2431352", "sourceBy": "Red Hat","sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431352", "description": ""}], "cves": [{"name": "CVE-2025-55130", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55130", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-281"}, {"name": "CVE-2025-55131", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55131", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "7.1", "cwe": "CWE-497"}, {"name": "CVE-2025-55132", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55132", "cvss3ScoringVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "2.8", "cwe": "CWE-281"}, {"name": "CVE-2025-59465", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59465", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-248"}, {"name": "CVE-2025-59466", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59466", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-770"}, {"name": "CVE-2026-21637", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21637", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-248"}], "references": [], "publishedAt": "2026-02-18T09:05:30.043251Z", "rpms": {"Rocky Linux 9": {"nvras": ["nodejs-nodemon-0:3.0.3-3.module+el9.7.0+40025+0e0cf6b2.noarch.rpm", "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+40025+0e0cf6b2.src.rpm", "nodejs-packaging-0:2021.06-6.module+el9.7.0+40052+e32ea525.noarch.rpm", "nodejs-packaging-0:2021.06-6.module+el9.7.0+40052+e32ea525.src.rpm", "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+40052+e32ea525.noarch.rpm", "nodejs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm","nodejs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm", "nodejs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.src.rpm", "nodejs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "nodejs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "nodejs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm", "nodejs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "nodejs-debugsource-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "nodejs-debugsource-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-debugsource-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm", "nodejs-debugsource-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "nodejs-devel-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "nodejs-devel-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-devel-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm", "nodejs-devel-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "nodejs-docs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.noarch.rpm", "nodejs-full-i18n-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "nodejs-full-i18n-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-full-i18n-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm", "nodejs-full-i18n-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "nodejs-libs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "nodejs-libs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-libs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm", "nodejs-libs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "nodejs-libs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "nodejs-libs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-libs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm","nodejs-libs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "npm-1:11.6.2-1.24.13.0.1.module+el9.7.0+40084+5fab4181.noarch.rpm", "v8-13.6-devel-3:13.6.233.17-1.24.13.0.1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "v8-13.6-devel-3:13.6.233.17-1.24.13.0.1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "v8-13.6-devel-3:13.6.233.17-1.24.13.0.1.module+el9.7.0+40084+5fab4181.s390x.rpm", "v8-13.6-devel-3:13.6.233.17-1.24.13.0.1.module+el9.7.0+40084+5fab4181.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Node.js security update available for Rocky Linux with fixes for multiple issues, including denial of service and permissions bypass.. Rocky Linux nodejs security update denial of service permissions. . Severity: Important. LinuxSecurity.com Team
Feb 18, 2026
•Important
Rocky Linux
219
security advisorydenial of serviceimportantRocky Linux 9 RLSA-2026-2787 npm Significant Security Risk Notification
Important: nodejs:22 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:2782", "synopsis": "Important: nodejs:22 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)\n\n* nodejs: Nodejs denial of service (CVE-2026-21637)\n\n* nodejs: Nodejs denial of service (CVE-2025-59466)\n\n* nodejs: Nodejs denial of service (CVE-2025-59465)\n\n* nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)\n\n* nodejs: Nodejs file permissions bypass (CVE-2025-55130)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2431338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338", "description": ""}, {"ticket": "2431340", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340", "description": ""}, {"ticket": "2431343", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431343", "description": ""}, {"ticket": "2431349", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431349", "description": ""}, {"ticket": "2431350", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350", "description": ""}, {"ticket": "2431352", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2431352", "description": ""}], "cves": [{"name": "CVE-2025-55130", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55130", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-281"}, {"name": "CVE-2025-55131", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55131", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "7.1", "cwe": "CWE-497"}, {"name": "CVE-2025-55132", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55132", "cvss3ScoringVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "2.8", "cwe": "CWE-281"}, {"name": "CVE-2025-59465", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59465", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-248"}, {"name": "CVE-2025-59466", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59466", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-770"}, {"name": "CVE-2026-21637", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21637", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-248"}], "references": [], "publishedAt": "2026-02-18T09:05:30.043251Z", "rpms": {"Rocky Linux 9": {"nvras": ["nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40017+f0db1785.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40018+a011993d.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40022+9ecc286c.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40017+f0db1785.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40022+9ecc286c.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40018+a011993d.src.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.noarch.rpm","nodejs-packaging-0:2021.06-5.module+el9.7.0+40050+22a42328.noarch.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40050+22a42328.src.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.src.rpm", "nodejs-packaging-bundler-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.noarch.rpm", "nodejs-packaging-bundler-0:2021.06-5.module+el9.7.0+40050+22a42328.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Node.js security updates available for Rocky Linux 9, addressing critical issues including denial of service and permissions fixes.. Rocky Linux nodejs security update, nodejs vulnerabilities, denial of service, filesystem permissions bypass. . Severity: Important. LinuxSecurity.com Team
Feb 18, 2026
•Important
Rocky Linux
219
security advisorydenial of serviceimportantRocky Linux 9 nodejs Important Denial of Service Security RLSA-2026-2781
Important: nodejs:24 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:2781", "synopsis": "Important: nodejs:24 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nodejs, nodejs-nodemon, module.nodejs-packaging, nodejs-packaging, module.nodejs, module.nodejs-nodemon.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)\n\n* nodejs: Nodejs denial of service (CVE-2026-21637)\n\n* nodejs: Nodejs denial of service (CVE-2025-59466)\n\n* nodejs: Nodejs denial of service (CVE-2025-59465)\n\n* nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)\n\n* nodejs: Nodejs file permissions bypass (CVE-2025-55130)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2431338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338", "description": ""}, {"ticket": "2431340", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340", "description": ""}, {"ticket": "2431343", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431343", "description": ""}, {"ticket": "2431349", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431349", "description": ""}, {"ticket": "2431350", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350", "description": ""}, {"ticket": "2431352", "sourceBy": "Red Hat","sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431352", "description": ""}], "cves": [{"name": "CVE-2025-55130", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55130", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-281"}, {"name": "CVE-2025-55131", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55131", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "7.1", "cwe": "CWE-497"}, {"name": "CVE-2025-55132", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55132", "cvss3ScoringVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "2.8", "cwe": "CWE-281"}, {"name": "CVE-2025-59465", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59465", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-248"}, {"name": "CVE-2025-59466", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59466", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-770"}, {"name": "CVE-2026-21637", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21637", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-248"}], "references": [], "publishedAt": "2026-02-18T09:05:30.043251Z", "rpms": {"Rocky Linux 9": {"nvras": ["nodejs-nodemon-0:3.0.3-3.module+el9.7.0+40025+0e0cf6b2.noarch.rpm", "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+40025+0e0cf6b2.src.rpm", "nodejs-packaging-0:2021.06-6.module+el9.7.0+40052+e32ea525.noarch.rpm", "nodejs-packaging-0:2021.06-6.module+el9.7.0+40052+e32ea525.src.rpm", "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+40052+e32ea525.noarch.rpm", "nodejs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm","nodejs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm", "nodejs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.src.rpm", "nodejs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "nodejs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "nodejs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm", "nodejs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "nodejs-debugsource-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "nodejs-debugsource-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-debugsource-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm", "nodejs-debugsource-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "nodejs-devel-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "nodejs-devel-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-devel-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm", "nodejs-devel-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "nodejs-docs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.noarch.rpm", "nodejs-full-i18n-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "nodejs-full-i18n-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-full-i18n-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm", "nodejs-full-i18n-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "nodejs-libs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "nodejs-libs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-libs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm", "nodejs-libs-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "nodejs-libs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "nodejs-libs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "nodejs-libs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.s390x.rpm","nodejs-libs-debuginfo-1:24.13.0-1.module+el9.7.0+40084+5fab4181.x86_64.rpm", "npm-1:11.6.2-1.24.13.0.1.module+el9.7.0+40084+5fab4181.noarch.rpm", "v8-13.6-devel-3:13.6.233.17-1.24.13.0.1.module+el9.7.0+40084+5fab4181.aarch64.rpm", "v8-13.6-devel-3:13.6.233.17-1.24.13.0.1.module+el9.7.0+40084+5fab4181.ppc64le.rpm", "v8-13.6-devel-3:13.6.233.17-1.24.13.0.1.module+el9.7.0+40084+5fab4181.s390x.rpm", "v8-13.6-devel-3:13.6.233.17-1.24.13.0.1.module+el9.7.0+40084+5fab4181.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important security update for nodejs on Rocky Linux 9 addressing multiple vulnerabilities and performance threats.. Rocky Linux,nodejs security,security updates,application vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Feb 18, 2026
•Important
Rocky Linux
219
security advisorydenial of serviceimportantRocky Linux 9 RLSA-2026-2901 Python Potential Unauthorized Access Threat
Important: nodejs:22 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:2782", "synopsis": "Important: nodejs:22 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)\n\n* nodejs: Nodejs denial of service (CVE-2026-21637)\n\n* nodejs: Nodejs denial of service (CVE-2025-59466)\n\n* nodejs: Nodejs denial of service (CVE-2025-59465)\n\n* nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)\n\n* nodejs: Nodejs file permissions bypass (CVE-2025-55130)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2431338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338", "description": ""}, {"ticket": "2431340", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340", "description": ""}, {"ticket": "2431343", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431343", "description": ""}, {"ticket": "2431349", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431349", "description": ""}, {"ticket": "2431350", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350", "description": ""}, {"ticket": "2431352", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2431352", "description": ""}], "cves": [{"name": "CVE-2025-55130", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55130", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-281"}, {"name": "CVE-2025-55131", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55131", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "7.1", "cwe": "CWE-497"}, {"name": "CVE-2025-55132", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55132", "cvss3ScoringVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "2.8", "cwe": "CWE-281"}, {"name": "CVE-2025-59465", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59465", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-248"}, {"name": "CVE-2025-59466", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59466", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-770"}, {"name": "CVE-2026-21637", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21637", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-248"}], "references": [], "publishedAt": "2026-02-18T09:05:30.043251Z", "rpms": {"Rocky Linux 9": {"nvras": ["nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40017+f0db1785.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40018+a011993d.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40022+9ecc286c.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40017+f0db1785.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40022+9ecc286c.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40018+a011993d.src.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.noarch.rpm","nodejs-packaging-0:2021.06-5.module+el9.7.0+40050+22a42328.noarch.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40050+22a42328.src.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.src.rpm", "nodejs-packaging-bundler-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.noarch.rpm", "nodejs-packaging-bundler-0:2021.06-5.module+el9.7.0+40050+22a42328.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Node.js security updates for Rocky Linux addressing important issues including denial of service and file permissions.. nodejs security updates, Rocky Linux nodejs fix, important nodejs vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Feb 18, 2026
•Important
Rocky Linux
219
security advisorydenial of serviceimportantRocky Linux 9 RLSA-2026-2783 nodejs Important Denial of Service Issues
Important: nodejs:20 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:2783", "synopsis": "Important: nodejs:20 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)\n\n* nodejs: Nodejs denial of service (CVE-2026-21637)\n\n* nodejs: Nodejs denial of service (CVE-2025-59466)\n\n* nodejs: Nodejs denial of service (CVE-2025-59465)\n\n* nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)\n\n* nodejs: Nodejs file permissions bypass (CVE-2025-55130)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2431338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338", "description": ""}, {"ticket": "2431340", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340", "description": ""}, {"ticket": "2431343", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431343", "description": ""}, {"ticket": "2431349", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431349", "description": ""}, {"ticket": "2431350", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350", "description": ""}, {"ticket": "2431352", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2431352", "description": ""}], "cves": [{"name": "CVE-2025-55130", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55130", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-281"}, {"name": "CVE-2025-55131", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55131", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "7.1", "cwe": "CWE-497"}, {"name": "CVE-2025-55132", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55132", "cvss3ScoringVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "2.8", "cwe": "CWE-281"}, {"name": "CVE-2025-59465", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59465", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-248"}, {"name": "CVE-2025-59466", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59466", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-770"}, {"name": "CVE-2026-21637", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21637", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-248"}], "references": [], "publishedAt": "2026-02-18T09:05:30.043251Z", "rpms": {"Rocky Linux 9": {"nvras": ["nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40017+f0db1785.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40018+a011993d.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40022+9ecc286c.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40017+f0db1785.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40022+9ecc286c.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40018+a011993d.src.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.noarch.rpm","nodejs-packaging-0:2021.06-5.module+el9.7.0+40050+22a42328.noarch.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40050+22a42328.src.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.src.rpm", "nodejs-packaging-bundler-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.noarch.rpm", "nodejs-packaging-bundler-0:2021.06-5.module+el9.7.0+40050+22a42328.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux 9 nodejs security advisory covering important updates addressing multiple denial of service issues.. Rocky Linux nodejs security important update denial of service. . Severity: Important. LinuxSecurity.com Team
Feb 18, 2026
•Important
Rocky Linux
219
security advisorydenial of serviceimportantRocky Linux 9 RLSA-2026-1875 Nodejs Security Update Fixes Major Issues
Important: nodejs:20 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:2783", "synopsis": "Important: nodejs:20 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)\n\n* nodejs: Nodejs denial of service (CVE-2026-21637)\n\n* nodejs: Nodejs denial of service (CVE-2025-59466)\n\n* nodejs: Nodejs denial of service (CVE-2025-59465)\n\n* nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)\n\n* nodejs: Nodejs file permissions bypass (CVE-2025-55130)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2431338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338", "description": ""}, {"ticket": "2431340", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340", "description": ""}, {"ticket": "2431343", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431343", "description": ""}, {"ticket": "2431349", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431349", "description": ""}, {"ticket": "2431350", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350", "description": ""}, {"ticket": "2431352", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2431352", "description": ""}], "cves": [{"name": "CVE-2025-55130", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55130", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-281"}, {"name": "CVE-2025-55131", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55131", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "7.1", "cwe": "CWE-497"}, {"name": "CVE-2025-55132", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55132", "cvss3ScoringVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "2.8", "cwe": "CWE-281"}, {"name": "CVE-2025-59465", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59465", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-248"}, {"name": "CVE-2025-59466", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59466", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-770"}, {"name": "CVE-2026-21637", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21637", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-248"}], "references": [], "publishedAt": "2026-02-18T09:05:30.043251Z", "rpms": {"Rocky Linux 9": {"nvras": ["nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40017+f0db1785.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40018+a011993d.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40022+9ecc286c.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40017+f0db1785.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40022+9ecc286c.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40018+a011993d.src.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.noarch.rpm","nodejs-packaging-0:2021.06-5.module+el9.7.0+40050+22a42328.noarch.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40050+22a42328.src.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.src.rpm", "nodejs-packaging-bundler-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.noarch.rpm", "nodejs-packaging-bundler-0:2021.06-5.module+el9.7.0+40050+22a42328.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Node.js receives critical updates for security issues affecting Rocky Linux, including denial of service and permissions bypass.. nodejs updates, Rocky Linux security, denial of service fixes, important nodejs updates. . Severity: Important. LinuxSecurity.com Team
Feb 18, 2026
•Important
Rocky Linux
219
security advisorydenial of serviceimportantCentOS Stream 9 HSA-2023-8901 ruby Major Vulnerability Patch
Important: nodejs:20 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:2783", "synopsis": "Important: nodejs:20 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)\n\n* nodejs: Nodejs denial of service (CVE-2026-21637)\n\n* nodejs: Nodejs denial of service (CVE-2025-59466)\n\n* nodejs: Nodejs denial of service (CVE-2025-59465)\n\n* nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)\n\n* nodejs: Nodejs file permissions bypass (CVE-2025-55130)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2431338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338", "description": ""}, {"ticket": "2431340", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340", "description": ""}, {"ticket": "2431343", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431343", "description": ""}, {"ticket": "2431349", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431349", "description": ""}, {"ticket": "2431350", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350", "description": ""}, {"ticket": "2431352", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2431352", "description": ""}], "cves": [{"name": "CVE-2025-55130", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55130", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-281"}, {"name": "CVE-2025-55131", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55131", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "7.1", "cwe": "CWE-497"}, {"name": "CVE-2025-55132", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55132", "cvss3ScoringVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "2.8", "cwe": "CWE-281"}, {"name": "CVE-2025-59465", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59465", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-248"}, {"name": "CVE-2025-59466", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59466", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-770"}, {"name": "CVE-2026-21637", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21637", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-248"}], "references": [], "publishedAt": "2026-02-18T09:05:30.043251Z", "rpms": {"Rocky Linux 9": {"nvras": ["nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40017+f0db1785.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40018+a011993d.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40022+9ecc286c.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40017+f0db1785.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40022+9ecc286c.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40018+a011993d.src.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.noarch.rpm","nodejs-packaging-0:2021.06-5.module+el9.7.0+40050+22a42328.noarch.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40050+22a42328.src.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.src.rpm", "nodejs-packaging-bundler-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.noarch.rpm", "nodejs-packaging-bundler-0:2021.06-5.module+el9.7.0+40050+22a42328.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Update for nodejs on Rocky Linux 9 addresses important security risks such as denial of service and permissions issues.. Rocky Linux,nodejs security,nodejs update,RLSA advisory,security fix. . Severity: Important. LinuxSecurity.com Team
Feb 18, 2026
•Important
Rocky Linux
219
security advisorydenial of serviceimportantAlpine Linux 3.17 RLSA-2026-2786 Major Security Upgrades For Python Applied
Important: nodejs:20 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:2783", "synopsis": "Important: nodejs:20 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)\n\n* nodejs: Nodejs denial of service (CVE-2026-21637)\n\n* nodejs: Nodejs denial of service (CVE-2025-59466)\n\n* nodejs: Nodejs denial of service (CVE-2025-59465)\n\n* nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)\n\n* nodejs: Nodejs file permissions bypass (CVE-2025-55130)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2431338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338", "description": ""}, {"ticket": "2431340", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340", "description": ""}, {"ticket": "2431343", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431343", "description": ""}, {"ticket": "2431349", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431349", "description": ""}, {"ticket": "2431350", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350", "description": ""}, {"ticket": "2431352", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2431352", "description": ""}], "cves": [{"name": "CVE-2025-55130", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55130", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-281"}, {"name": "CVE-2025-55131", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55131", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "7.1", "cwe": "CWE-497"}, {"name": "CVE-2025-55132", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-55132", "cvss3ScoringVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "2.8", "cwe": "CWE-281"}, {"name": "CVE-2025-59465", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59465", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-248"}, {"name": "CVE-2025-59466", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-59466", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-770"}, {"name": "CVE-2026-21637", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21637", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-248"}], "references": [], "publishedAt": "2026-02-18T09:05:30.043251Z", "rpms": {"Rocky Linux 9": {"nvras": ["nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40017+f0db1785.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40018+a011993d.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40022+9ecc286c.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40017+f0db1785.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40022+9ecc286c.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+40018+a011993d.src.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.noarch.rpm","nodejs-packaging-0:2021.06-5.module+el9.7.0+40050+22a42328.noarch.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40050+22a42328.src.rpm", "nodejs-packaging-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.src.rpm", "nodejs-packaging-bundler-0:2021.06-5.module+el9.7.0+40051+f2ef3f49.noarch.rpm", "nodejs-packaging-bundler-0:2021.06-5.module+el9.7.0+40050+22a42328.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important security updates for nodejs on Rocky Linux 9 address multiple issues including denial of service and filesystem bypass.. Rocky Linux, nodejs, security updates, filesystem permissions, denial of service. . Severity: Important. LinuxSecurity.com Team
Feb 18, 2026
•Important
Rocky Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!