Search for packages
| purl | pkg:apk/alpine/nodejs-current@9.10.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-nkas-113k-wkbu | nodejs: HTTP parser allowed for spaces inside Content-Length header values |
CVE-2018-7159
|
| VCID-u8pe-48f4-abc9 | Authentication Bypass by Spoofing The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. |
CVE-2018-7160
GHSA-wq4c-wm6x-jw44 |
| VCID-usab-z8q8-7qd8 | nodejs: path module regular expression denial of service |
CVE-2018-7158
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-03T17:44:59.274118+00:00 | Alpine Linux Importer | Fixing | VCID-usab-z8q8-7qd8 | https://secdb.alpinelinux.org/v3.23/community.json | 38.1.0 |
| 2026-04-01T19:21:13.815195+00:00 | Alpine Linux Importer | Fixing | VCID-u8pe-48f4-abc9 | https://secdb.alpinelinux.org/v3.23/community.json | 38.0.0 |
| 2026-04-01T18:59:01.793719+00:00 | Alpine Linux Importer | Fixing | VCID-nkas-113k-wkbu | https://secdb.alpinelinux.org/v3.23/community.json | 38.0.0 |