VulnerableCode Package Details - pkg:alpm/archlinux/nodejs@16.4.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-4kjh-zmaz-tqb7 Aliases: CVE-2021-23362 GHSA-43f8-2h32-f4cj	Regular Expression Denial of Service in hosted-git-info The npm package `hosted-git-info` before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity	16.4.1-1 Affected by 0 other vulnerabilities.
VCID-b7hq-5yyx-tuhs Aliases: CVE-2021-22921	Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.	16.4.1-1 Affected by 0 other vulnerabilities.
VCID-nj6f-gujk-wqah Aliases: CVE-2021-22918	A buffer overread vulnerability has been found in libuv.	16.4.1-1 Affected by 0 other vulnerabilities.
VCID-w93e-wkm9-kuex Aliases: CVE-2021-27290 GHSA-vx3p-948g-6vhq	Regular Expression Denial of Service (ReDoS) npm `ssri` 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.	16.4.1-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4kjh-zmaz-tqb7
Aliases:
CVE-2021-23362
GHSA-43f8-2h32-f4cj

Regular Expression Denial of Service in hosted-git-info The npm package `hosted-git-info` before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity

16.4.1-1
Affected by 0 other vulnerabilities.

VCID-b7hq-5yyx-tuhs
Aliases:
CVE-2021-22921

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

16.4.1-1
Affected by 0 other vulnerabilities.

VCID-nj6f-gujk-wqah
Aliases:
CVE-2021-22918

A buffer overread vulnerability has been found in libuv.

16.4.1-1
Affected by 0 other vulnerabilities.

VCID-w93e-wkm9-kuex
Aliases:
CVE-2021-27290
GHSA-vx3p-948g-6vhq

Regular Expression Denial of Service (ReDoS) npm `ssri` 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

16.4.1-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:40.770673+00:00	Arch Linux Importer	Affected by	VCID-b7hq-5yyx-tuhs	https://security.archlinux.org/AVG-2130	38.0.0
2026-04-01T18:25:30.124800+00:00	Arch Linux Importer	Affected by	VCID-nj6f-gujk-wqah	https://security.archlinux.org/AVG-2126	38.0.0
2026-04-01T18:25:30.101733+00:00	Arch Linux Importer	Affected by	VCID-4kjh-zmaz-tqb7	https://security.archlinux.org/AVG-2126	38.0.0
2026-04-01T18:25:30.067732+00:00	Arch Linux Importer	Affected by	VCID-w93e-wkm9-kuex	https://security.archlinux.org/AVG-2126	38.0.0