VulnerableCode Package Details - pkg:rpm/redhat/rh-nodejs14-nodejs@14.17.2-1?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-4kjh-zmaz-tqb7 Aliases: CVE-2021-23362 GHSA-43f8-2h32-f4cj	Regular Expression Denial of Service in hosted-git-info The npm package `hosted-git-info` before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity	There are no reported fixed by versions.
VCID-nj6f-gujk-wqah Aliases: CVE-2021-22918	A buffer overread vulnerability has been found in libuv.	There are no reported fixed by versions.
VCID-vg7c-pctm-m7gn Aliases: CVE-2021-33502 GHSA-px4h-xg32-q955	ReDoS in normalize-url The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.	There are no reported fixed by versions.
VCID-w93e-wkm9-kuex Aliases: CVE-2021-27290 GHSA-vx3p-948g-6vhq	Regular Expression Denial of Service (ReDoS) npm `ssri` 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-4kjh-zmaz-tqb7
Aliases:
CVE-2021-23362
GHSA-43f8-2h32-f4cj

Regular Expression Denial of Service in hosted-git-info The npm package `hosted-git-info` before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity

There are no reported fixed by versions.

VCID-nj6f-gujk-wqah
Aliases:
CVE-2021-22918

A buffer overread vulnerability has been found in libuv.

There are no reported fixed by versions.

VCID-vg7c-pctm-m7gn
Aliases:
CVE-2021-33502
GHSA-px4h-xg32-q955

ReDoS in normalize-url The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

There are no reported fixed by versions.

VCID-w93e-wkm9-kuex
Aliases:
CVE-2021-27290
GHSA-vx3p-948g-6vhq

Regular Expression Denial of Service (ReDoS) npm `ssri` 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:02:49.102206+00:00	RedHat Importer	Affected by	VCID-w93e-wkm9-kuex	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27290.json	38.0.0
2026-04-01T14:02:45.164934+00:00	RedHat Importer	Affected by	VCID-4kjh-zmaz-tqb7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23362.json	38.0.0
2026-04-01T14:02:13.709283+00:00	RedHat Importer	Affected by	VCID-vg7c-pctm-m7gn	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33502.json	38.0.0
2026-04-01T14:01:57.515426+00:00	RedHat Importer	Affected by	VCID-nj6f-gujk-wqah	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22918.json	38.0.0