VulnerableCode Package Details - pkg:apk/alpine/nodejs-current@16.11.1-r0?arch=aarch64&distroversion=v3.14&reponame=community

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1xdz-dku3-qqc4	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.	CVE-2021-3672
VCID-9g7s-y7nq-xfbb	Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.	CVE-2021-22939
VCID-ap4u-dkwx-1kb3	Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.	CVE-2021-22931
VCID-gwyr-ac4e-dqfa	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') The llhttp parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).	CVE-2021-22959
VCID-tnhd-rr89-9udh	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') The parse function in llhttp ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.	CVE-2021-22960

Vulnerability

Summary

Aliases

VCID-1xdz-dku3-qqc4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

CVE-2021-3672

VCID-9g7s-y7nq-xfbb

Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.

CVE-2021-22939

VCID-ap4u-dkwx-1kb3

Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.

CVE-2021-22931

VCID-gwyr-ac4e-dqfa

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') The llhttp parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).

CVE-2021-22959

VCID-tnhd-rr89-9udh

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') The parse function in llhttp ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

CVE-2021-22960

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-06T04:49:27.849752+00:00	Alpine Linux Importer	Fixing	VCID-tnhd-rr89-9udh	https://secdb.alpinelinux.org/v3.14/community.json	38.1.0
2026-04-03T17:46:33.752483+00:00	Alpine Linux Importer	Fixing	VCID-ap4u-dkwx-1kb3	https://secdb.alpinelinux.org/v3.14/community.json	38.1.0
2026-04-01T19:19:49.584302+00:00	Alpine Linux Importer	Fixing	VCID-9g7s-y7nq-xfbb	https://secdb.alpinelinux.org/v3.14/community.json	38.0.0
2026-04-01T19:15:49.109857+00:00	Alpine Linux Importer	Fixing	VCID-1xdz-dku3-qqc4	https://secdb.alpinelinux.org/v3.14/community.json	38.0.0
2026-04-01T19:09:25.743352+00:00	Alpine Linux Importer	Fixing	VCID-gwyr-ac4e-dqfa	https://secdb.alpinelinux.org/v3.14/community.json	38.0.0