Search for packages
| purl | pkg:apk/alpine/nodejs@16.13.2-r0?arch=aarch64&distroversion=v3.17&reponame=main |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5cf7-va9h-h3gy | Improper Certificate Validation Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js does not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. |
CVE-2021-44531
|
| VCID-e18p-c3m9-2qgy | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2021-44532
|
| VCID-m5ae-uc68-d3g2 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') This advisory has been marked as a false positive. |
CVE-2022-21824
|
| VCID-ms5y-gp7v-2qay | Multiple vulnerabilities have been discovered in Node.js. |
CVE-2021-44533
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-07T13:58:02.579356+00:00 | Alpine Linux Importer | Fixing | VCID-5cf7-va9h-h3gy | https://secdb.alpinelinux.org/v3.17/main.json | 38.1.0 |
| 2026-04-07T13:57:18.846639+00:00 | Alpine Linux Importer | Fixing | VCID-e18p-c3m9-2qgy | https://secdb.alpinelinux.org/v3.17/main.json | 38.1.0 |
| 2026-04-03T17:54:23.080635+00:00 | Alpine Linux Importer | Fixing | VCID-m5ae-uc68-d3g2 | https://secdb.alpinelinux.org/v3.17/main.json | 38.1.0 |
| 2026-04-01T19:13:04.417393+00:00 | Alpine Linux Importer | Fixing | VCID-ms5y-gp7v-2qay | https://secdb.alpinelinux.org/v3.17/main.json | 38.0.0 |