VulnerableCode Package Details - pkg:rpm/redhat/rh-nodejs12-nodejs@12.18.4-3?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-4b6t-hfzu-7uf5 Aliases: CVE-2020-8116 GHSA-ff7x-qrg7-qggm	dot-prop Prototype Pollution vulnerability Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.	There are no reported fixed by versions.
VCID-cqs6-2ryh-43gj Aliases: CVE-2020-8252	A buffer overflow in libuv might allow remote attacker(s) to execute arbitrary code.	There are no reported fixed by versions.
VCID-e2wc-na6c-c3cr Aliases: CVE-2020-15095 GHSA-93f3-23rq-pjfp	npm CLI exposing sensitive information through logs Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files.	There are no reported fixed by versions.
VCID-n91z-kugd-ebb5 Aliases: CVE-2020-8201	Multiple vulnerabilities have been found in NodeJS, the worst of which could result in the arbitrary execution of code.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-4b6t-hfzu-7uf5
Aliases:
CVE-2020-8116
GHSA-ff7x-qrg7-qggm

dot-prop Prototype Pollution vulnerability Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

There are no reported fixed by versions.

VCID-cqs6-2ryh-43gj
Aliases:
CVE-2020-8252

A buffer overflow in libuv might allow remote attacker(s) to execute arbitrary code.

There are no reported fixed by versions.

VCID-e2wc-na6c-c3cr
Aliases:
CVE-2020-15095
GHSA-93f3-23rq-pjfp

npm CLI exposing sensitive information through logs Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files.

There are no reported fixed by versions.

VCID-n91z-kugd-ebb5
Aliases:
CVE-2020-8201

Multiple vulnerabilities have been found in NodeJS, the worst of which could result in the arbitrary execution of code.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:13:09.105826+00:00	RedHat Importer	Affected by	VCID-4b6t-hfzu-7uf5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8116.json	38.0.0
2026-04-01T14:05:55.624948+00:00	RedHat Importer	Affected by	VCID-e2wc-na6c-c3cr	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15095.json	38.0.0
2026-04-01T14:04:30.098000+00:00	RedHat Importer	Affected by	VCID-cqs6-2ryh-43gj	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8252.json	38.0.0
2026-04-01T14:04:30.028818+00:00	RedHat Importer	Affected by	VCID-n91z-kugd-ebb5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8201.json	38.0.0