Search for packages
| purl | pkg:rpm/redhat/nodejs-nodemon@2.0.19-1?arch=el9_0 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4f1w-xpyy-2fcf
Aliases: CVE-2020-28469 GHSA-ww39-953v-wcq6 |
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator. | There are no reported fixed by versions. |
|
VCID-7tyw-ppyt-zqgr
Aliases: CVE-2020-7788 GHSA-qqgx-2p2h-9c37 |
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse ### Overview The `ini` npm package before version 1.3.6 has a Prototype Pollution vulnerability. If an attacker submits a malicious INI file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context. ### Patches This has been patched in 1.3.6. ### Steps to reproduce payload.ini ``` [__proto__] polluted = "polluted" ``` poc.js: ``` var fs = require('fs') var ini = require('ini') var parsed = ini.parse(fs.readFileSync('./payload.ini', 'utf-8')) console.log(parsed) console.log(parsed.__proto__) console.log(polluted) ``` ``` > node poc.js {} { polluted: 'polluted' } { polluted: 'polluted' } polluted ``` | There are no reported fixed by versions. |
|
VCID-c86y-234c-s3hu
Aliases: CVE-2021-3807 GHSA-93q8-gq69-wqmw |
ansi-regex is vulnerable to Inefficient Regular Expression Complexity | There are no reported fixed by versions. |
|
VCID-vg3f-8mjh-bbf5
Aliases: CVE-2022-33987 GHSA-pfrx-2q88-qq97 |
Got allows a redirect to a UNIX socket The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket. | There are no reported fixed by versions. |
|
VCID-vg7c-pctm-m7gn
Aliases: CVE-2021-33502 GHSA-px4h-xg32-q955 |
ReDoS in normalize-url The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:03:46.203744+00:00 | RedHat Importer | Affected by | VCID-7tyw-ppyt-zqgr | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7788.json | 38.0.0 |
| 2026-04-01T14:03:33.247463+00:00 | RedHat Importer | Affected by | VCID-4f1w-xpyy-2fcf | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28469.json | 38.0.0 |
| 2026-04-01T14:02:13.637791+00:00 | RedHat Importer | Affected by | VCID-vg7c-pctm-m7gn | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33502.json | 38.0.0 |
| 2026-04-01T14:01:21.611075+00:00 | RedHat Importer | Affected by | VCID-c86y-234c-s3hu | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3807.json | 38.0.0 |
| 2026-04-01T13:58:09.037486+00:00 | RedHat Importer | Affected by | VCID-vg3f-8mjh-bbf5 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33987.json | 38.0.0 |