Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/nodejs@22.13.1-r0?arch=x86&distroversion=v3.22&reponame=main

Type apk

Namespace alpine

Name nodejs

Version 22.13.1-r0

Qualifiers

arch	x86
distroversion	v3.22
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 22.16.0-r0

Latest_non_vulnerable_version 22.22.2-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-pah5-gspe-hbbh

vulnerability_id VCID-pah5-gspe-hbbh

summary

Use of Insufficiently Random Values in undici
### Impact

[Undici `fetch()` uses Math.random()](https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113) to choose the boundary for a multipart/form-data request. It is known that the output of Math.random() can be predicted if several of its generated values are known.

If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, An attacker can tamper with the requests going to the backend APIs if certain conditions are met.

### Patches

This is fixed in 5.28.5; 6.21.1; 7.2.3.

### Workarounds

Do not issue multipart requests to attacker controlled servers.

### References

* https://hackerone.com/reports/2913312
* https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22150.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22150.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-22150

reference_id

reference_type

scores

value	0.00605
scoring_system	epss
scoring_elements	0.69637
published_at	2026-04-16T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69597
published_at	2026-04-13T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69611
published_at	2026-04-12T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69626
published_at	2026-04-11T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69543
published_at	2026-04-02T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69587
published_at	2026-04-08T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69537
published_at	2026-04-07T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69558
published_at	2026-04-04T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69604
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-22150

reference_url

https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/

url

https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/nodejs/undici

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodejs/undici

reference_url

https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/

url

https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113

reference_url

https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/

url

https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0

reference_url

https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/

url

https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a

reference_url

https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/

url

https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385

reference_url

https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/

url

https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975

reference_url

https://hackerone.com/reports/2913312

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:34:22Z/

url

https://hackerone.com/reports/2913312

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-22150

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-22150

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2339176
reference_id	2339176
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2339176

reference_url

https://github.com/advisories/GHSA-c76h-2ccp-4975

reference_id

GHSA-c76h-2ccp-4975

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c76h-2ccp-4975

reference_url	https://access.redhat.com/errata/RHSA-2025:1351
reference_id	RHSA-2025:1351
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1351

reference_url	https://access.redhat.com/errata/RHSA-2025:1443
reference_id	RHSA-2025:1443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1443

reference_url	https://access.redhat.com/errata/RHSA-2025:1446
reference_id	RHSA-2025:1446
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1446

reference_url	https://access.redhat.com/errata/RHSA-2025:1454
reference_id	RHSA-2025:1454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1454

reference_url	https://access.redhat.com/errata/RHSA-2025:1582
reference_id	RHSA-2025:1582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1582

reference_url	https://access.redhat.com/errata/RHSA-2025:1611
reference_id	RHSA-2025:1611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1611

reference_url	https://access.redhat.com/errata/RHSA-2025:1613
reference_id	RHSA-2025:1613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1613

reference_url	https://access.redhat.com/errata/RHSA-2025:17145
reference_id	RHSA-2025:17145
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17145

reference_url	https://access.redhat.com/errata/RHSA-2025:1931
reference_id	RHSA-2025:1931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1931

reference_url	https://access.redhat.com/errata/RHSA-2025:2588
reference_id	RHSA-2025:2588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2588

reference_url	https://access.redhat.com/errata/RHSA-2025:3368
reference_id	RHSA-2025:3368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3368

reference_url	https://access.redhat.com/errata/RHSA-2025:3374
reference_id	RHSA-2025:3374
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3374

reference_url	https://access.redhat.com/errata/RHSA-2025:3397
reference_id	RHSA-2025:3397
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3397

fixed_packages

url	pkg:apk/alpine/nodejs@22.13.1-r0?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/nodejs@22.13.1-r0?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@22.13.1-r0%3Farch=x86&distroversion=v3.22&reponame=main

aliases CVE-2025-22150, GHSA-c76h-2ccp-4975

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pah5-gspe-hbbh

url VCID-pd4q-4b15-gqey

vulnerability_id VCID-pd4q-4b15-gqey

summary

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.

On Windows, a path that does not start with the file separator is treated as relative to the current directory. 

This vulnerability affects Windows users of `path.join` API.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-23084

reference_id

reference_type

scores

value	0.01289
scoring_system	epss
scoring_elements	0.79677
published_at	2026-04-16T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79605
published_at	2026-04-02T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79671
published_at	2026-04-11T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79655
published_at	2026-04-12T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79648
published_at	2026-04-13T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79627
published_at	2026-04-04T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79614
published_at	2026-04-07T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79642
published_at	2026-04-08T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.7965
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-23084

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_id

january-2025-security-releases

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T15:07:59Z/

url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

fixed_packages

url	pkg:apk/alpine/nodejs@22.13.1-r0?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/nodejs@22.13.1-r0?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@22.13.1-r0%3Farch=x86&distroversion=v3.22&reponame=main

aliases CVE-2025-23084

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pd4q-4b15-gqey

url VCID-wf5t-3pwz-c7d7

vulnerability_id VCID-wf5t-3pwz-c7d7

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-23085

reference_id

reference_type

scores

value	0.00164
scoring_system	epss
scoring_elements	0.37451
published_at	2026-04-16T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.3744
published_at	2026-04-08T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37452
published_at	2026-04-09T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37466
published_at	2026-04-11T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37431
published_at	2026-04-12T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37404
published_at	2026-04-13T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38175
published_at	2026-04-02T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38197
published_at	2026-04-04T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38068
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-23085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134
reference_id	1094134
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2342618
reference_id	2342618
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2342618

reference_url	https://security.gentoo.org/glsa/202506-08
reference_id	GLSA-202506-08
reference_type
scores
url	https://security.gentoo.org/glsa/202506-08

reference_url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_id

january-2025-security-releases

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T15:50:24Z/

url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2025:1351
reference_id	RHSA-2025:1351
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1351

reference_url	https://access.redhat.com/errata/RHSA-2025:1443
reference_id	RHSA-2025:1443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1443

reference_url	https://access.redhat.com/errata/RHSA-2025:1446
reference_id	RHSA-2025:1446
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1446

reference_url	https://access.redhat.com/errata/RHSA-2025:1582
reference_id	RHSA-2025:1582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1582

reference_url	https://access.redhat.com/errata/RHSA-2025:1611
reference_id	RHSA-2025:1611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1611

reference_url	https://access.redhat.com/errata/RHSA-2025:1613
reference_id	RHSA-2025:1613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1613

fixed_packages

url	pkg:apk/alpine/nodejs@22.13.1-r0?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/nodejs@22.13.1-r0?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@22.13.1-r0%3Farch=x86&distroversion=v3.22&reponame=main

aliases CVE-2025-23085

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wf5t-3pwz-c7d7

url VCID-ydzj-e97m-k3cp

vulnerability_id VCID-ydzj-e97m-k3cp

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23083.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23083.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-23083

reference_id

reference_type

scores

value	0.00105
scoring_system	epss
scoring_elements	0.28663
published_at	2026-04-02T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28548
published_at	2026-04-16T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28621
published_at	2026-04-11T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28578
published_at	2026-04-12T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28529
published_at	2026-04-13T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28709
published_at	2026-04-04T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28514
published_at	2026-04-07T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28579
published_at	2026-04-08T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28619
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-23083

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134
reference_id	1094134
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2339392
reference_id	2339392
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2339392

reference_url	https://security.gentoo.org/glsa/202506-08
reference_id	GLSA-202506-08
reference_type
scores
url	https://security.gentoo.org/glsa/202506-08

reference_url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_id

january-2025-security-releases

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-28T04:55:27Z/

url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2025:1351
reference_id	RHSA-2025:1351
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1351

reference_url	https://access.redhat.com/errata/RHSA-2025:1443
reference_id	RHSA-2025:1443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1443

reference_url	https://access.redhat.com/errata/RHSA-2025:1522
reference_id	RHSA-2025:1522
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1522

reference_url	https://access.redhat.com/errata/RHSA-2025:1611
reference_id	RHSA-2025:1611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1611

reference_url	https://access.redhat.com/errata/RHSA-2025:1613
reference_id	RHSA-2025:1613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1613

fixed_packages

url	pkg:apk/alpine/nodejs@22.13.1-r0?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/nodejs@22.13.1-r0?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@22.13.1-r0%3Farch=x86&distroversion=v3.22&reponame=main

aliases CVE-2025-23083

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ydzj-e97m-k3cp

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@22.13.1-r0%3Farch=x86&distroversion=v3.22&reponame=main

Package Instance