Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/rh-nodejs12-nodejs@12.22.12-2?arch=el7
purl pkg:rpm/redhat/rh-nodejs12-nodejs@12.22.12-2?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-1tz4-bphw-rbd3
Aliases:
CVE-2021-37701
GHSA-9r2w-394v-53qc
Path Traversal This npm package has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. There are no reported fixed by versions.
VCID-5cf7-va9h-h3gy
Aliases:
CVE-2021-44531
Improper Certificate Validation Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js does not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. There are no reported fixed by versions.
VCID-7mtb-yaq7-77ep
Aliases:
CVE-2021-37712
GHSA-qq89-hq3f-393p
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The npm package "tar" (aka node-tar) has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. There are no reported fixed by versions.
VCID-e18p-c3m9-2qgy
Aliases:
CVE-2021-44532
Multiple vulnerabilities have been discovered in Node.js. There are no reported fixed by versions.
VCID-gwyr-ac4e-dqfa
Aliases:
CVE-2021-22959
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') The llhttp parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). There are no reported fixed by versions.
VCID-hwk3-sg9p-wqe7
Aliases:
CVE-2021-3918
GHSA-896r-f27r-55mw
json-schema is vulnerable to Prototype Pollution json-schema before version 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). There are no reported fixed by versions.
VCID-m5ae-uc68-d3g2
Aliases:
CVE-2022-21824
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') This advisory has been marked as a false positive. There are no reported fixed by versions.
VCID-ms5y-gp7v-2qay
Aliases:
CVE-2021-44533
Multiple vulnerabilities have been discovered in Node.js. There are no reported fixed by versions.
VCID-tnhd-rr89-9udh
Aliases:
CVE-2021-22960
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') The parse function in llhttp ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. There are no reported fixed by versions.
VCID-turp-dju7-c7fx
Aliases:
CVE-2021-44906
GHSA-xvch-5gv4-984h
Prototype Pollution in minimist Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:01:29.610324+00:00 RedHat Importer Affected by VCID-7mtb-yaq7-77ep https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37712.json 38.0.0
2026-04-01T14:01:29.518428+00:00 RedHat Importer Affected by VCID-1tz4-bphw-rbd3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37701.json 38.0.0
2026-04-01T14:01:19.636833+00:00 RedHat Importer Affected by VCID-hwk3-sg9p-wqe7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3918.json 38.0.0
2026-04-01T14:01:16.368753+00:00 RedHat Importer Affected by VCID-tnhd-rr89-9udh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json 38.0.0
2026-04-01T14:01:16.274136+00:00 RedHat Importer Affected by VCID-gwyr-ac4e-dqfa https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json 38.0.0
2026-04-01T14:00:35.469217+00:00 RedHat Importer Affected by VCID-m5ae-uc68-d3g2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json 38.0.0
2026-04-01T14:00:35.397063+00:00 RedHat Importer Affected by VCID-ms5y-gp7v-2qay https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json 38.0.0
2026-04-01T14:00:35.328377+00:00 RedHat Importer Affected by VCID-e18p-c3m9-2qgy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json 38.0.0
2026-04-01T14:00:35.255999+00:00 RedHat Importer Affected by VCID-5cf7-va9h-h3gy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json 38.0.0
2026-04-01T13:59:21.617597+00:00 RedHat Importer Affected by VCID-turp-dju7-c7fx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44906.json 38.0.0