Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:apk/alpine/nodejs-current@9.10.0-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/nodejs-current@9.10.0-r0?arch=riscv64&distroversion=v3.23&reponame=community
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-nkas-113k-wkbu nodejs: HTTP parser allowed for spaces inside Content-Length header values CVE-2018-7159
VCID-u8pe-48f4-abc9 Authentication Bypass by Spoofing The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. CVE-2018-7160
GHSA-wq4c-wm6x-jw44
VCID-usab-z8q8-7qd8 nodejs: path module regular expression denial of service CVE-2018-7158

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-03T17:44:59.281337+00:00 Alpine Linux Importer Fixing VCID-usab-z8q8-7qd8 https://secdb.alpinelinux.org/v3.23/community.json 38.1.0
2026-04-01T19:21:13.826072+00:00 Alpine Linux Importer Fixing VCID-u8pe-48f4-abc9 https://secdb.alpinelinux.org/v3.23/community.json 38.0.0
2026-04-01T18:59:01.802825+00:00 Alpine Linux Importer Fixing VCID-nkas-113k-wkbu https://secdb.alpinelinux.org/v3.23/community.json 38.0.0