VulnerableCode Package Details - pkg:alpm/archlinux/nodejs@16.4.1-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4kjh-zmaz-tqb7	Regular Expression Denial of Service in hosted-git-info The npm package `hosted-git-info` before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity	CVE-2021-23362 GHSA-43f8-2h32-f4cj
VCID-b7hq-5yyx-tuhs	Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.	CVE-2021-22921
VCID-nj6f-gujk-wqah	A buffer overread vulnerability has been found in libuv.	CVE-2021-22918
VCID-w93e-wkm9-kuex	Regular Expression Denial of Service (ReDoS) npm `ssri` 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.	CVE-2021-27290 GHSA-vx3p-948g-6vhq

Vulnerability

Summary

Aliases

VCID-4kjh-zmaz-tqb7

Regular Expression Denial of Service in hosted-git-info The npm package `hosted-git-info` before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity

CVE-2021-23362
GHSA-43f8-2h32-f4cj

VCID-b7hq-5yyx-tuhs

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

CVE-2021-22921

VCID-nj6f-gujk-wqah

A buffer overread vulnerability has been found in libuv.

CVE-2021-22918

VCID-w93e-wkm9-kuex

Regular Expression Denial of Service (ReDoS) npm `ssri` 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

CVE-2021-27290
GHSA-vx3p-948g-6vhq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:40.774612+00:00	Arch Linux Importer	Fixing	VCID-b7hq-5yyx-tuhs	https://security.archlinux.org/AVG-2130	38.0.0
2026-04-01T18:25:30.128441+00:00	Arch Linux Importer	Fixing	VCID-nj6f-gujk-wqah	https://security.archlinux.org/AVG-2126	38.0.0
2026-04-01T18:25:30.105590+00:00	Arch Linux Importer	Fixing	VCID-4kjh-zmaz-tqb7	https://security.archlinux.org/AVG-2126	38.0.0
2026-04-01T18:25:30.072166+00:00	Arch Linux Importer	Fixing	VCID-w93e-wkm9-kuex	https://security.archlinux.org/AVG-2126	38.0.0