Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/rh-nodejs14-nodejs@14.18.2-1?arch=el7
purl pkg:rpm/redhat/rh-nodejs14-nodejs@14.18.2-1?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-1tz4-bphw-rbd3
Aliases:
CVE-2021-37701
GHSA-9r2w-394v-53qc
Path Traversal This npm package has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. There are no reported fixed by versions.
VCID-7mtb-yaq7-77ep
Aliases:
CVE-2021-37712
GHSA-qq89-hq3f-393p
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The npm package "tar" (aka node-tar) has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. There are no reported fixed by versions.
VCID-c86y-234c-s3hu
Aliases:
CVE-2021-3807
GHSA-93q8-gq69-wqmw
ansi-regex is vulnerable to Inefficient Regular Expression Complexity There are no reported fixed by versions.
VCID-gwyr-ac4e-dqfa
Aliases:
CVE-2021-22959
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') The llhttp parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). There are no reported fixed by versions.
VCID-hwk3-sg9p-wqe7
Aliases:
CVE-2021-3918
GHSA-896r-f27r-55mw
json-schema is vulnerable to Prototype Pollution json-schema before version 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). There are no reported fixed by versions.
VCID-tnhd-rr89-9udh
Aliases:
CVE-2021-22960
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') The parse function in llhttp ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:01:29.635915+00:00 RedHat Importer Affected by VCID-7mtb-yaq7-77ep https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37712.json 38.0.0
2026-04-01T14:01:29.544430+00:00 RedHat Importer Affected by VCID-1tz4-bphw-rbd3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37701.json 38.0.0
2026-04-01T14:01:21.640301+00:00 RedHat Importer Affected by VCID-c86y-234c-s3hu https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3807.json 38.0.0
2026-04-01T14:01:19.660531+00:00 RedHat Importer Affected by VCID-hwk3-sg9p-wqe7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3918.json 38.0.0
2026-04-01T14:01:16.395264+00:00 RedHat Importer Affected by VCID-tnhd-rr89-9udh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json 38.0.0
2026-04-01T14:01:16.301358+00:00 RedHat Importer Affected by VCID-gwyr-ac4e-dqfa https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json 38.0.0