Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 470 articles for you...
203

Mageia Node.js Critical Memory Growth and Identity Check Issues 2026-0257

Security update. Publication date: 18 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0257.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-48615, CVE-2026-48617, CVE-2026-48618, CVE-2026-48619, CVE-2026-48928, CVE-2026-48930, CVE-2026-48931, CVE-2026-48933, CVE-2026-48934, CVE-2026-48935, CVE-2026-48937 Description: lib,test: redact proxy credentials in tunnel errors. (CVE-2026-48615) permission: handle process.chdir on writereport. (CVE-2026-48617) tls: normalize hostname for server identity checks. (CVE-2026-48618) http2: cap originSet size to prevent unbounded memory growth. (CVE-2026-48619) tls: fix case-sensitive SNI context matching. (CVE-2026-48928) dns,net: reject hostnames with embedded NUL bytes. (CVE-2026-48930) http: fix response queue poisoning in http.Agent. (CVE-2026-48931) crypto: guard WebCrypto cipher output length. (CVE-2026-48933) tls: bind reusable sessions to authenticated host. (CVE-2026-48934) permission: disable FileHandle utimes with permission model. (CVE-2026-48935) deps: fix integration issues with the latest nghttp2. (CVE-2026-48937) References: - https://bugs.mageia.org/show_bug.cgi?id=35724 - https://nodejs.org/en/blog/release/v22.23.0 - https://nodejs.org/en/blog/vulnerability/june-2026-security-releases - https://www.cve.org/CVERecord?id=CVE-2026-48615 - https://www.cve.org/CVERecord?id=CVE-2026-48617 - https://www.cve.org/CVERecord?id=CVE-2026-48618 - https://www.cve.org/CVERecord?id=CVE-2026-48619 - https://www.cve.org/CVERecord?id=CVE-2026-48928 - https://www.cve.org/CVERecord?id=CVE-2026-48930 - https://www.cve.org/CVERecord?id=CVE-2026-48931 - https://www.cve.org/CVERecord?id=CVE-2026-48933 - https://www.cve.org/CVERecord?id=CVE-2026-48934 - https://www.cve.org/CVERecord?id=CVE-2026-48935 - https://www.cve.org/CVERecord?id=CVE-2026-48937 SRPMS: - 10/core/nodejs-22.23.1-2.mga10 - 9/core/nodejs-22.23.1-2.mga9 . Security vulnerabilities identified in Node.js for Mageia 10 and 9 requireimmediate attention. Patching instructions included.. nodejs security update,mageia vulnerability,critical security alert. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 18, 2026 Critical Mageia
217

Oracle Linux 9 Node.js Important Bug Fix Advisory ELSA-2026-35892

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-35892 http://linux.oracle.com/errata/ELSA-2026-35892.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-22.23.1-1.module+el9.8.0+90947+d3e8e647.x86_64.rpm nodejs-devel-22.23.1-1.module+el9.8.0+90947+d3e8e647.x86_64.rpm nodejs-docs-22.23.1-1.module+el9.8.0+90947+d3e8e647.noarch.rpm nodejs-full-i18n-22.23.1-1.module+el9.8.0+90947+d3e8e647.x86_64.rpm nodejs-libs-22.23.1-1.module+el9.8.0+90947+d3e8e647.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el9.8.0+90947+d3e8e647.noarch.rpm nodejs-packaging-2021.06-6.module+el9.8.0+90947+d3e8e647.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.8.0+90947+d3e8e647.noarch.rpm npm-10.9.8-1.22.23.1.1.module+el9.8.0+90947+d3e8e647.x86_64.rpm v8-12.4-devel-12.4.254.21-1.22.23.1.1.module+el9.8.0+90947+d3e8e647.x86_64.rpm aarch64: nodejs-22.23.1-1.module+el9.8.0+90947+d3e8e647.aarch64.rpm nodejs-devel-22.23.1-1.module+el9.8.0+90947+d3e8e647.aarch64.rpm nodejs-docs-22.23.1-1.module+el9.8.0+90947+d3e8e647.noarch.rpm nodejs-full-i18n-22.23.1-1.module+el9.8.0+90947+d3e8e647.aarch64.rpm nodejs-libs-22.23.1-1.module+el9.8.0+90947+d3e8e647.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el9.8.0+90947+d3e8e647.noarch.rpm nodejs-packaging-2021.06-6.module+el9.8.0+90947+d3e8e647.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.8.0+90947+d3e8e647.noarch.rpm npm-10.9.8-1.22.23.1.1.module+el9.8.0+90947+d3e8e647.aarch64.rpm v8-12.4-devel-12.4.254.21-1.22.23.1.1.module+el9.8.0+90947+d3e8e647.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/nodejs-22.23.1-1.module+el9.8.0+90947+d3e8e647.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-nodemon-3.0.1-1.module+el9.8.0+90947+d3e8e647.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-packaging-2021.06-6.module+el9.8.0+90947+d3e8e647.src.rpm RelatedCVEs: CVE-2026-6733 CVE-2026-9678 CVE-2026-11525 CVE-2026-12151 CVE-2026-42338 CVE-2026-48615 CVE-2026-48618 CVE-2026-48619 CVE-2026-48928 CVE-2026-48930 CVE-2026-48933 CVE-2026-48934 CVE-2026-48935 Description of changes: nodejs [1:22.23.1-1] - Update to version 22.23.1 Resolves: RHEL-186622 RHEL-185998 RHEL-183669 Fixes: CVE-2026-12151 CVE-2026-48618 CVE-2026-48933 CVE-2026-48937 CVE-2026-48930 CVE-2026-48619 CVE-2026-48615 CVE-2026-48934 CVE-2026-48928 CVE-2026-48617 CVE-2026-48931 CVE-2026-48935 CVE-2026-42338 nodejs-nodemon [3.0.1-1] - Rebase to 3.0.1 - Resolves: CVE-2022-25883 [2.0.20-2] - Patch bundled glob-parent - Resolves: CVE-2021-35065 [2.0.20-1] - Rebase to 2.0.20 Resolves: CVE-2022-3517 [2.0.15-1] - Resolves: RHBZ#2005419 - Resolves CVE-2020-28469 - Rebase to newest version - Change source to npmjs.com nodejs-packaging [2021.06-6] - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-120511 [2021.06-5] - nodejs.req to properly detect bundled deps _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated packages for Oracle Linux 9 enhance Node.js security and functionality addressing several crucial CVEs.. Oracle Linux, Node.js update, security patches, important advisories. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Important Oracle
217

Oracle Linux 9 Nodejs Important Bug Fix Advisory ELSA-2026-35891

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-35891 http://linux.oracle.com/errata/ELSA-2026-35891.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-24.18.0-1.module+el9.8.0+90946+13dc792a.x86_64.rpm nodejs-devel-24.18.0-1.module+el9.8.0+90946+13dc792a.x86_64.rpm nodejs-docs-24.18.0-1.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-full-i18n-24.18.0-1.module+el9.8.0+90946+13dc792a.x86_64.rpm nodejs-libs-24.18.0-1.module+el9.8.0+90946+13dc792a.x86_64.rpm nodejs-nodemon-3.0.3-3.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-packaging-2021.06-6.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.8.0+90946+13dc792a.noarch.rpm npm-11.16.0-1.24.18.0.1.module+el9.8.0+90946+13dc792a.noarch.rpm v8-13.6-devel-13.6.233.17-1.24.18.0.1.module+el9.8.0+90946+13dc792a.x86_64.rpm aarch64: nodejs-24.18.0-1.module+el9.8.0+90946+13dc792a.aarch64.rpm nodejs-devel-24.18.0-1.module+el9.8.0+90946+13dc792a.aarch64.rpm nodejs-docs-24.18.0-1.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-full-i18n-24.18.0-1.module+el9.8.0+90946+13dc792a.aarch64.rpm nodejs-libs-24.18.0-1.module+el9.8.0+90946+13dc792a.aarch64.rpm nodejs-nodemon-3.0.3-3.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-packaging-2021.06-6.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.8.0+90946+13dc792a.noarch.rpm npm-11.16.0-1.24.18.0.1.module+el9.8.0+90946+13dc792a.noarch.rpm v8-13.6-devel-13.6.233.17-1.24.18.0.1.module+el9.8.0+90946+13dc792a.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/nodejs-24.18.0-1.module+el9.8.0+90946+13dc792a.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-nodemon-3.0.3-3.module+el9.8.0+90946+13dc792a.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-packaging-2021.06-6.module+el9.8.0+90946+13dc792a.src.rpm RelatedCVEs: CVE-2026-6733 CVE-2026-6734 CVE-2026-9678 CVE-2026-9697 CVE-2026-11525 CVE-2026-12151 CVE-2026-42338 CVE-2026-48615 CVE-2026-48618 CVE-2026-48619 CVE-2026-48928 CVE-2026-48930 CVE-2026-48933 CVE-2026-48934 CVE-2026-48935 Description of changes: nodejs [1:24.18.0-1] - Update to version 24.18.0 nodejs-nodemon [3.0.3-3] - Keep BR on just npm [3.0.3-2] - Fix BR for nodejs-npm nodejs-packaging [2021.06-6] - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-121569 [2021.06-5] - nodejs.req to properly detect bundled deps _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 9 advisory ELSA-2026-35891 details crucial updates for Node.js enhancing security and performance.. Oracle Linux, Node.js Security, ELSA Advisory, Bug Fix, Software Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Important Oracle
197

Debian 11 Node.js Major Denial of Service Warning DLA-4598-1 CVE-2025-59465

Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or information disclosure. For Debian 11 bullseye, these problems have been fixed in version 12.22.12~dfsg-1~deb11u8. We recommend that you upgrade your nodejs packages.. Debian LTS Advisory DLA-4598-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Bastien Roucari��s May 24, 2026 https://wiki.debian.org/LTS Package : nodejs Version : 12.22.12~dfsg-1~deb11u8 CVE ID : CVE-2025-59465 CVE-2026-21637 CVE-2026-21714 Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or information disclosure. For Debian 11 bullseye, these problems have been fixed in version 12.22.12~dfsg-1~deb11u8. We recommend that you upgrade your nodejs packages. For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Multiple critical vulnerabilities in Node.js for Debian 11 could lead to denial of service or information disclosure.. nodejs security, Debian LTS, denial of service risk, information disclosure threat. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 24, 2026 Critical Debian LTS
87

Debian Node.js DSA-6272-1 Critical Denial of Service Issues

Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 18.20.4+dfsg-1~deb12u2. We recommend that you upgrade your nodejs packages.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6272-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nodejs CVE ID : CVE-2025-23085 CVE-2025-23166 CVE-2025-55131 CVE-2025-59465 CVE-2025-59466 CVE-2026-21710 CVE-2026-21713 CVE-2026-21714 Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 18.20.4+dfsg-1~deb12u2. We recommend that you upgrade your nodejs packages. For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Update your Node.js packages in Debian to fix critical vulnerabilities leading to denial of service and information disclosure.. Debian Node.js Update Critical Vulnerabilities Denial of Service. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 14, 2026 Critical Debian
217

Oracle Linux 8 nodejs Important Vulnerability Advisory ELSA-2026-8339

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-8339 http://linux.oracle.com/errata/ELSA-2026-8339.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.x86_64.rpm nodejs-devel-20.20.2-1.module+el8.10.0+90878+0d41f8c0.x86_64.rpm nodejs-docs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.noarch.rpm nodejs-full-i18n-20.20.2-1.module+el8.10.0+90878+0d41f8c0.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el8.10.0+90743+b61054a8.noarch.rpm nodejs-packaging-2021.06-5.module+el8.10.0+90878+0d41f8c0.noarch.rpm nodejs-packaging-bundler-2021.06-5.module+el8.10.0+90878+0d41f8c0.noarch.rpm npm-10.8.2-1.20.20.2.1.module+el8.10.0+90878+0d41f8c0.x86_64.rpm aarch64: nodejs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.aarch64.rpm nodejs-devel-20.20.2-1.module+el8.10.0+90878+0d41f8c0.aarch64.rpm nodejs-docs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.noarch.rpm nodejs-full-i18n-20.20.2-1.module+el8.10.0+90878+0d41f8c0.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el8.10.0+90743+b61054a8.noarch.rpm nodejs-packaging-2021.06-5.module+el8.10.0+90878+0d41f8c0.noarch.rpm nodejs-packaging-bundler-2021.06-5.module+el8.10.0+90878+0d41f8c0.noarch.rpm npm-10.8.2-1.20.20.2.1.module+el8.10.0+90878+0d41f8c0.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/nodejs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/nodejs-nodemon-3.0.1-1.module+el8.10.0+90743+b61054a8.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/nodejs-packaging-2021.06-5.module+el8.10.0+90878+0d41f8c0.src.rpm Related CVEs: CVE-2026-21710 CVE-2026-26996 CVE-2026-27135 CVE-2026-27904 Description of changes: nodejs [1:20.20.2-1] - Update to version 20.20.2 - Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change. Resolves: RHEL-154018 Fixes: CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547CVE-2026-21710 nodejs-nodemon [3.0.1-1] - Rebase to 3.0.1 - Resolves: CVE-2022-25883 [2.0.20-2] - Patch bundled glob-parent - Resolves: CVE-2021-35065 [2.0.20-1] - Rebase to 2.0.20 Resolves: CVE-2022-3517 [2.0.19-1] - Rebase to 2.0.19 Resolves: CVE-2022-33987 [2.0.15-1] - Resolves: RHBZ#2005419 - Resolves CVE-2020-28469 - Rebase to newest version - Change source to npmjs.com [2.0.7-1] - Resolves: RHBZ#1953991 - Update to 2.0.7 to resolve CVE-2020-28469 [2.0.3-1] - Updated [1.18.3-1] - Resolves: #1615413 - Updated - bundled [1.11.0-2] - rh-nodejs8 rebuild [1.11.0-1] - Updated with script nodejs-packaging [2021.06-5] - nodejs.req properly detect bundled deps [2021.06-4] - NPM bundler: also find namespaced bundled dependencies [2021.06-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild [2021.06-2] - Fix hard-coded output directory in the bundler [2021.06-1] - Update to 2021.06-1 - bundler: Handle archaic license metadata - bundler: Warn about bundled dependencies with no license metadata [2021.01-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [2021.01-2] - nodejs-packaging-bundler improvements to handle uncommon characters [2021.01] - Add nodejs-packaging-bundler and update README.md [2020.09-1] - Move to dist-git as the upstream [25-1] - Fix incorrect bundled library detection for Requires _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 8 nodejs update addresses important security issues. Ensure timely application of patches to safeguard systems.. oracle linux 8,nodejs update,security advisory,application update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 19, 2026 Important Oracle
219

CentOS Stream 9 Node.js Urgent Security Update RLSB-2028-1927

Important: nodejs:20 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:8339", "synopsis": "Important: nodejs:20 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nodejs-nodemon, module.nodejs-packaging, module.nodejs-nodemon, nodejs-packaging.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)\n\n* minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\n* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2441268", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "description": ""}, {"ticket": "2442922", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "description": ""}, {"ticket": "2448754", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "description": ""}, {"ticket": "2453151", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "description": ""}], "cves": [{"name": "CVE-2026-21710", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21710", "cvss3ScoringVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-843"}, {"name": "CVE-2026-26996", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-26996", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3BaseScore": "6.5", "cwe": "CWE-1333"}, {"name": "CVE-2026-27135", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-27135", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-617"}, {"name": "CVE-2026-27904", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-27904", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3BaseScore": "6.5", "cwe": "CWE-1333"}], "references": [], "publishedAt": "2026-04-16T00:01:17.370160Z", "rpms": {"Rocky Linux 8": {"nvras": ["nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1988+437f3d23.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1824+532140ee.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1935+d3cbe60f.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1924+614dc87f.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1666+930e28e8.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1989+e60144d9.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1667+4a788d89.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+1760+903d54b9.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1823+b5789597.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1924+614dc87f.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1935+d3cbe60f.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1666+930e28e8.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1667+4a788d89.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1989+e60144d9.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1988+437f3d23.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+1760+903d54b9.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1823+b5789597.src.rpm","nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1824+532140ee.src.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40048+6d99f608.noarch.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40048+6d99f608.src.rpm", "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+40048+6d99f608.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Updates for nodejs on Rocky Linux 8 address important DoS issues. Check impacts and solutions for secure configuration.. nodejs security update, Rocky Linux advisory, important nodejs vulnerabilities, denial of service fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 16, 2026 Important Rocky Linux
217

Oracle Linux 9 ELSA-2026-7896 Nodejs Important DoS Threat

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-7896 http://linux.oracle.com/errata/ELSA-2026-7896.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-20.20.2-1.module+el9.7.0+90874+6d84790f.x86_64.rpm nodejs-devel-20.20.2-1.module+el9.7.0+90874+6d84790f.x86_64.rpm nodejs-docs-20.20.2-1.module+el9.7.0+90874+6d84790f.noarch.rpm nodejs-full-i18n-20.20.2-1.module+el9.7.0+90874+6d84790f.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el9.7.0+90874+6d84790f.noarch.rpm nodejs-packaging-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm npm-10.8.2-1.20.20.2.1.module+el9.7.0+90874+6d84790f.x86_64.rpm aarch64: nodejs-20.20.2-1.module+el9.7.0+90874+6d84790f.aarch64.rpm nodejs-devel-20.20.2-1.module+el9.7.0+90874+6d84790f.aarch64.rpm nodejs-docs-20.20.2-1.module+el9.7.0+90874+6d84790f.noarch.rpm nodejs-full-i18n-20.20.2-1.module+el9.7.0+90874+6d84790f.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el9.7.0+90874+6d84790f.noarch.rpm nodejs-packaging-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm npm-10.8.2-1.20.20.2.1.module+el9.7.0+90874+6d84790f.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/nodejs-20.20.2-1.module+el9.7.0+90874+6d84790f.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-nodemon-3.0.1-1.module+el9.7.0+90874+6d84790f.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-packaging-2021.06-6.module+el9.7.0+90874+6d84790f.src.rpm Related CVEs: CVE-2026-21710 CVE-2026-26996 CVE-2026-27135 CVE-2026-27904 Description of changes: nodejs [1:20.20.2-1] - Update to version 20.20.2 Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change. Resolves: RHEL-164336 Fixes: CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547CVE-2026-21710 nodejs-nodemon [3.0.1-1] - Rebase to 3.0.1 - Resolves: CVE-2022-25883 [2.0.20-2] - Patch bundled glob-parent - Resolves: CVE-2021-35065 [2.0.20-1] - Rebase to 2.0.20 Resolves: CVE-2022-3517 [2.0.15-1] - Resolves: RHBZ#2005419 - Resolves CVE-2020-28469 - Rebase to newest version - Change source to npmjs.com nodejs-packaging [2021.06-6] - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-121579 [2021.06-5] - nodejs.req to properly detect bundled deps _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated nodejs for Oracle Linux 9 addresses critical issues including DoS risks. Learn about recent security updates and CVEs.. Oracle Linux,nodejs,security fixes,software update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 15, 2026 Important Oracle
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200