Search for packages
| purl | pkg:apk/alpine/nodejs@10.16.3-r0?arch=x86_64&distroversion=v3.16&reponame=main |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-9hzg-r1fj-pubf | Excessive CPU usage in HTTP/2 with priority changes |
CVE-2019-9513
|
| VCID-aqt5-2ffy-9bgs | HTTP/2: flood using SETTINGS frames results in unbounded memory growth |
CVE-2019-9515
|
| VCID-c5hc-3jtx-k3a6 | HTTP/2: flood using empty frames results in excessive resource consumption |
CVE-2019-9518
|
| VCID-dmv4-ydq9-a7eq | Excessive CPU usage in HTTP/2 with small window updates |
CVE-2019-9511
|
| VCID-hbte-dsw2-y7ad | golang.org/x/net/http vulnerable to ping floods Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. ### Specific Go Packages Affected golang.org/x/net/http2 |
CVE-2019-9512
GHSA-hgr8-6h9x-f7q9 |
| VCID-kcsp-h1s5-wbea | Excessive memory usage in HTTP/2 with zero length headers |
CVE-2019-9516
|
| VCID-n66u-b73u-zucb | golang.org/x/net/http vulnerable to a reset flood Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. ### Specific Go Packages Affected golang.org/x/net/http2 |
CVE-2019-9514
GHSA-39qc-96h7-956f |
| VCID-y3k1-c4rn-xbc2 | A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections. |
CVE-2019-9517
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-06T04:51:56.701652+00:00 | Alpine Linux Importer | Fixing | VCID-n66u-b73u-zucb | https://secdb.alpinelinux.org/v3.16/main.json | 38.1.0 |
| 2026-04-06T04:45:03.497157+00:00 | Alpine Linux Importer | Fixing | VCID-kcsp-h1s5-wbea | https://secdb.alpinelinux.org/v3.16/main.json | 38.1.0 |
| 2026-04-03T17:52:59.854227+00:00 | Alpine Linux Importer | Fixing | VCID-9hzg-r1fj-pubf | https://secdb.alpinelinux.org/v3.16/main.json | 38.1.0 |
| 2026-04-03T17:49:17.998834+00:00 | Alpine Linux Importer | Fixing | VCID-c5hc-3jtx-k3a6 | https://secdb.alpinelinux.org/v3.16/main.json | 38.1.0 |
| 2026-04-03T17:48:24.623105+00:00 | Alpine Linux Importer | Fixing | VCID-aqt5-2ffy-9bgs | https://secdb.alpinelinux.org/v3.16/main.json | 38.1.0 |
| 2026-04-03T17:42:35.950463+00:00 | Alpine Linux Importer | Fixing | VCID-y3k1-c4rn-xbc2 | https://secdb.alpinelinux.org/v3.16/main.json | 38.1.0 |
| 2026-04-01T19:24:36.220810+00:00 | Alpine Linux Importer | Fixing | VCID-dmv4-ydq9-a7eq | https://secdb.alpinelinux.org/v3.16/main.json | 38.0.0 |
| 2026-04-01T19:16:12.236770+00:00 | Alpine Linux Importer | Fixing | VCID-hbte-dsw2-y7ad | https://secdb.alpinelinux.org/v3.16/main.json | 38.0.0 |