Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1
purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1
Next non-vulnerable version 20.19.2+dfsg-1
Latest non-vulnerable version 20.19.2+dfsg-1
Risk 4.0
Vulnerabilities affecting this package (14)
Vulnerability Summary Fixed by
VCID-1vp3-fzdr-yqbm
Aliases:
CVE-2026-21715
Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
VCID-2t7c-dju9-pff6
Aliases:
CVE-2026-21713
Node.js: Node.js: Information disclosure via timing oracle in HMAC verification
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
VCID-43sf-4r41-wugc
Aliases:
CVE-2025-55132
nodejs: Nodejs filesystem permissions bypass
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
VCID-96yh-1wub-zucg
Aliases:
CVE-2026-21714
Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
VCID-98fy-tedc-ube7
Aliases:
CVE-2025-55131
nodejs: Nodejs uninitialized memory exposure
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
VCID-bjza-25hu-vkad
Aliases:
CVE-2026-21637
nodejs: Nodejs denial of service
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
VCID-dgkh-jdah-wfh9
Aliases:
CVE-2026-21717
nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
VCID-dt7u-3usg-9uet
Aliases:
CVE-2026-21710
Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
VCID-twc8-ewm7-wkb1
Aliases:
CVE-2026-21716
nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
VCID-u8bq-8jp4-jkem
Aliases:
CVE-2025-59466
nodejs: Nodejs denial of service
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
VCID-v7uy-445x-tuan
Aliases:
CVE-2025-59465
nodejs: Nodejs denial of service
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
VCID-wf5t-3pwz-c7d7
Aliases:
CVE-2025-23085
Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution.
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
VCID-x1an-pjq4-nbby
Aliases:
CVE-2025-55130
nodejs: Nodejs file permissions bypass
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
VCID-xkpz-pb5y-jqcy
Aliases:
CVE-2025-23166
nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js
20.19.2+dfsg-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (13)
Vulnerability Summary Aliases
VCID-2z1f-7jkw-17av Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. CVE-2024-27982
VCID-38k9-23j3-eqh7 Multiple vulnerabilities have been discovered in Node.js. CVE-2023-30581
VCID-9yq7-aba3-c7c3 Multiple vulnerabilities have been discovered in Node.js. CVE-2023-32559
VCID-bx67-aud6-b3fa Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. CVE-2024-22025
VCID-c8xz-v6h3-6ueb nodejs: libuv: Out-of-Bounds Access Due to Inconsistent off_t Size in libuv and Node.js Build on i386 CVE-2025-47153
VCID-e6gj-fe31-kkh5 Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. CVE-2023-46809
VCID-e7u5-356v-jbg7 Multiple vulnerabilities have been discovered in Node.js. CVE-2023-30590
VCID-kj75-vmwa-gqgq Multiple vulnerabilities have been discovered in Node.js. CVE-2023-32006
VCID-nenk-4cgd-fugv Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. CVE-2024-27983
VCID-sag8-repb-g3f4 Multiple vulnerabilities have been discovered in Node.js. CVE-2023-32002
VCID-vkvx-gxbu-3uau Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. CVE-2024-22019
VCID-wf5t-3pwz-c7d7 Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution. CVE-2025-23085
VCID-zstw-3wmu-u3c8 llhttp vulnerable to HTTP request smuggling The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20 CVE-2023-30589
GHSA-cggh-pq45-6h9x

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:24:43.883419+00:00 Debian Importer Affected by VCID-x1an-pjq4-nbby https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:23:21.006970+00:00 Debian Importer Affected by VCID-43sf-4r41-wugc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:18:46.688216+00:00 Debian Importer Affected by VCID-u8bq-8jp4-jkem https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:25:02.298315+00:00 Debian Importer Affected by VCID-v7uy-445x-tuan https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:15:03.970671+00:00 Debian Importer Affected by VCID-xkpz-pb5y-jqcy https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:14:45.758782+00:00 Debian Importer Affected by VCID-dt7u-3usg-9uet https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:05:47.707049+00:00 Debian Importer Affected by VCID-bjza-25hu-vkad https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:05:39.853231+00:00 Debian Importer Affected by VCID-dgkh-jdah-wfh9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:33:20.265311+00:00 Debian Importer Affected by VCID-2t7c-dju9-pff6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:27:50.040136+00:00 Debian Importer Affected by VCID-1vp3-fzdr-yqbm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:12:08.722395+00:00 Debian Importer Fixing VCID-sag8-repb-g3f4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:09:00.747792+00:00 Debian Importer Affected by VCID-wf5t-3pwz-c7d7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:04:37.214668+00:00 Debian Importer Affected by VCID-twc8-ewm7-wkb1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:04:24.631694+00:00 Debian Importer Fixing VCID-kj75-vmwa-gqgq https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:50:18.640748+00:00 Debian Importer Affected by VCID-98fy-tedc-ube7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:46:44.548446+00:00 Debian Importer Fixing VCID-38k9-23j3-eqh7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:44:25.977791+00:00 Debian Importer Affected by VCID-96yh-1wub-zucg https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T00:46:00.683680+00:00 Debian Oval Importer Fixing VCID-c8xz-v6h3-6ueb https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T00:09:05.760479+00:00 Debian Oval Importer Fixing VCID-vkvx-gxbu-3uau https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T00:05:19.874369+00:00 Debian Oval Importer Fixing VCID-nenk-4cgd-fugv https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:30:29.645275+00:00 Debian Oval Importer Fixing VCID-e6gj-fe31-kkh5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:11:11.691563+00:00 Debian Oval Importer Fixing VCID-bx67-aud6-b3fa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:05:22.370746+00:00 Debian Oval Importer Fixing VCID-e7u5-356v-jbg7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:22:02.941351+00:00 Debian Oval Importer Fixing VCID-2z1f-7jkw-17av https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:20:03.353911+00:00 Debian Oval Importer Fixing VCID-wf5t-3pwz-c7d7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:25:55.666751+00:00 Debian Oval Importer Fixing VCID-zstw-3wmu-u3c8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:18:08.706419+00:00 Debian Oval Importer Fixing VCID-9yq7-aba3-c7c3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-13T08:55:38.721649+00:00 Debian Importer Affected by VCID-xkpz-pb5y-jqcy https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:39:13.882493+00:00 Debian Importer Affected by VCID-u8bq-8jp4-jkem https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:29:43.353768+00:00 Debian Importer Affected by VCID-x1an-pjq4-nbby https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:28:37.858635+00:00 Debian Importer Affected by VCID-43sf-4r41-wugc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:46:38.271483+00:00 Debian Importer Affected by VCID-v7uy-445x-tuan https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:45:35.469916+00:00 Debian Importer Fixing VCID-38k9-23j3-eqh7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:22:21.395976+00:00 Debian Importer Affected by VCID-1vp3-fzdr-yqbm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:57:34.663249+00:00 Debian Importer Affected by VCID-98fy-tedc-ube7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:53:25.034950+00:00 Debian Importer Affected by VCID-dt7u-3usg-9uet https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:46:40.636639+00:00 Debian Importer Affected by VCID-bjza-25hu-vkad https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:46:34.062966+00:00 Debian Importer Affected by VCID-dgkh-jdah-wfh9 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:31:36.631696+00:00 Debian Importer Fixing VCID-sag8-repb-g3f4 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-12T00:18:34.614120+00:00 Debian Oval Importer Fixing VCID-c8xz-v6h3-6ueb https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:43:02.803662+00:00 Debian Oval Importer Fixing VCID-vkvx-gxbu-3uau https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:39:22.639059+00:00 Debian Oval Importer Fixing VCID-nenk-4cgd-fugv https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:05:46.157609+00:00 Debian Oval Importer Fixing VCID-e6gj-fe31-kkh5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:47:08.005415+00:00 Debian Oval Importer Fixing VCID-bx67-aud6-b3fa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:41:28.305618+00:00 Debian Oval Importer Fixing VCID-e7u5-356v-jbg7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:03:41.878537+00:00 Debian Oval Importer Fixing VCID-2z1f-7jkw-17av https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:03:21.989665+00:00 Debian Oval Importer Fixing VCID-wf5t-3pwz-c7d7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:22:08.888262+00:00 Debian Importer Affected by VCID-2t7c-dju9-pff6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:07:35.395658+00:00 Debian Importer Affected by VCID-wf5t-3pwz-c7d7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:04:59.534623+00:00 Debian Importer Affected by VCID-twc8-ewm7-wkb1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:04:52.743379+00:00 Debian Importer Fixing VCID-kj75-vmwa-gqgq https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:52:18.305821+00:00 Debian Importer Affected by VCID-96yh-1wub-zucg https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:12:17.400907+00:00 Debian Oval Importer Fixing VCID-zstw-3wmu-u3c8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:05:28.755202+00:00 Debian Oval Importer Fixing VCID-9yq7-aba3-c7c3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T23:49:27.166270+00:00 Debian Oval Importer Fixing VCID-c8xz-v6h3-6ueb https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T23:15:28.610585+00:00 Debian Oval Importer Fixing VCID-vkvx-gxbu-3uau https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T23:11:54.268832+00:00 Debian Oval Importer Fixing VCID-nenk-4cgd-fugv https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:39:30.440332+00:00 Debian Oval Importer Fixing VCID-e6gj-fe31-kkh5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:21:52.023255+00:00 Debian Oval Importer Fixing VCID-bx67-aud6-b3fa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:16:33.588728+00:00 Debian Oval Importer Fixing VCID-e7u5-356v-jbg7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:56:30.938826+00:00 Debian Importer Affected by VCID-xkpz-pb5y-jqcy https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:45:48.990545+00:00 Debian Importer Affected by VCID-u8bq-8jp4-jkem https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:45:19.245317+00:00 Debian Oval Importer Fixing VCID-2z1f-7jkw-17av https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:39:29.659652+00:00 Debian Importer Affected by VCID-x1an-pjq4-nbby https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:38:50.197286+00:00 Debian Importer Affected by VCID-43sf-4r41-wugc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:10:09.222733+00:00 Debian Importer Affected by VCID-v7uy-445x-tuan https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:09:24.627973+00:00 Debian Importer Fixing VCID-38k9-23j3-eqh7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T18:53:58.901823+00:00 Debian Importer Affected by VCID-1vp3-fzdr-yqbm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T18:47:46.782080+00:00 Debian Oval Importer Fixing VCID-wf5t-3pwz-c7d7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:37:34.727288+00:00 Debian Importer Affected by VCID-98fy-tedc-ube7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T18:34:54.029739+00:00 Debian Importer Affected by VCID-dt7u-3usg-9uet https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T18:30:26.729360+00:00 Debian Importer Affected by VCID-bjza-25hu-vkad https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T18:30:21.465383+00:00 Debian Importer Affected by VCID-dgkh-jdah-wfh9 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T17:01:14.429010+00:00 Debian Oval Importer Fixing VCID-zstw-3wmu-u3c8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:58:13.058374+00:00 Debian Oval Importer Fixing VCID-9yq7-aba3-c7c3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-07T05:53:02.916381+00:00 Debian Importer Affected by VCID-96yh-1wub-zucg https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-04T18:11:52.046417+00:00 Debian Importer Fixing VCID-sag8-repb-g3f4 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-04T18:07:00.047525+00:00 Debian Importer Affected by VCID-2t7c-dju9-pff6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-04T17:57:27.338245+00:00 Debian Importer Affected by VCID-wf5t-3pwz-c7d7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-04T17:55:37.334554+00:00 Debian Importer Affected by VCID-twc8-ewm7-wkb1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-04T17:55:32.555437+00:00 Debian Importer Fixing VCID-kj75-vmwa-gqgq https://security-tracker.debian.org/tracker/data/json 38.1.0