VulnerableCode Package Details - pkg:apk/alpine/nodejs@22.22.2-r0?arch=aarch64&distroversion=v3.22&reponame=main

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1vp3-fzdr-yqbm	Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions	CVE-2026-21715
VCID-2t7c-dju9-pff6	Node.js: Node.js: Information disclosure via timing oracle in HMAC verification	CVE-2026-21713
VCID-96yh-1wub-zucg	Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames	CVE-2026-21714
VCID-bjza-25hu-vkad	nodejs: Nodejs denial of service	CVE-2026-21637
VCID-dgkh-jdah-wfh9	nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions	CVE-2026-21717
VCID-dt7u-3usg-9uet	Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header	CVE-2026-21710
VCID-twc8-ewm7-wkb1	nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.	CVE-2026-21716

Vulnerability

Summary

Aliases

VCID-1vp3-fzdr-yqbm

Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions

CVE-2026-21715

VCID-2t7c-dju9-pff6

Node.js: Node.js: Information disclosure via timing oracle in HMAC verification

CVE-2026-21713

VCID-96yh-1wub-zucg

Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames

CVE-2026-21714

VCID-bjza-25hu-vkad

nodejs: Nodejs denial of service

CVE-2026-21637

VCID-dgkh-jdah-wfh9

nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions

CVE-2026-21717

VCID-dt7u-3usg-9uet

Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header

CVE-2026-21710

VCID-twc8-ewm7-wkb1

nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.

CVE-2026-21716

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-06T04:48:54.794943+00:00	Alpine Linux Importer	Fixing	VCID-1vp3-fzdr-yqbm	https://secdb.alpinelinux.org/v3.22/main.json	38.1.0
2026-04-06T04:47:29.435390+00:00	Alpine Linux Importer	Fixing	VCID-96yh-1wub-zucg	https://secdb.alpinelinux.org/v3.22/main.json	38.1.0
2026-04-03T17:43:02.549638+00:00	Alpine Linux Importer	Fixing	VCID-dgkh-jdah-wfh9	https://secdb.alpinelinux.org/v3.22/main.json	38.1.0
2026-04-03T17:42:53.944447+00:00	Alpine Linux Importer	Fixing	VCID-dt7u-3usg-9uet	https://secdb.alpinelinux.org/v3.22/main.json	38.1.0
2026-04-01T19:25:45.934085+00:00	Alpine Linux Importer	Fixing	VCID-2t7c-dju9-pff6	https://secdb.alpinelinux.org/v3.22/main.json	38.0.0
2026-04-01T19:20:46.782469+00:00	Alpine Linux Importer	Fixing	VCID-twc8-ewm7-wkb1	https://secdb.alpinelinux.org/v3.22/main.json	38.0.0
2026-04-01T19:19:36.176400+00:00	Alpine Linux Importer	Fixing	VCID-bjza-25hu-vkad	https://secdb.alpinelinux.org/v3.22/main.json	38.0.0