Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie
purl pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-5cf7-va9h-h3gy Improper Certificate Validation Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js does not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. CVE-2021-44531
VCID-e18p-c3m9-2qgy Multiple vulnerabilities have been discovered in Node.js. CVE-2021-44532
VCID-m5ae-uc68-d3g2 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') This advisory has been marked as a false positive. CVE-2022-21824
VCID-ms5y-gp7v-2qay Multiple vulnerabilities have been discovered in Node.js. CVE-2021-44533

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T11:11:37.555915+00:00 Debian Importer Fixing VCID-e18p-c3m9-2qgy https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:41:42.278840+00:00 Debian Importer Fixing VCID-5cf7-va9h-h3gy https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:59:03.449636+00:00 Debian Importer Fixing VCID-ms5y-gp7v-2qay https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:01:25.264895+00:00 Debian Importer Fixing VCID-m5ae-uc68-d3g2 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T07:36:34.032970+00:00 Debian Importer Fixing VCID-e18p-c3m9-2qgy https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:14:04.849670+00:00 Debian Importer Fixing VCID-5cf7-va9h-h3gy https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:41:24.045280+00:00 Debian Importer Fixing VCID-ms5y-gp7v-2qay https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:03:01.540007+00:00 Debian Importer Fixing VCID-m5ae-uc68-d3g2 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:47:23.017997+00:00 Debian Importer Fixing VCID-m5ae-uc68-d3g2 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:47:22.961035+00:00 Debian Importer Fixing VCID-ms5y-gp7v-2qay https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:47:22.904712+00:00 Debian Importer Fixing VCID-e18p-c3m9-2qgy https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:47:22.849326+00:00 Debian Importer Fixing VCID-5cf7-va9h-h3gy https://security-tracker.debian.org/tracker/data/json 38.1.0