Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/rh-nodejs14-nodejs@14.20.1-2?arch=el7
purl pkg:rpm/redhat/rh-nodejs14-nodejs@14.20.1-2?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-5cf7-va9h-h3gy
Aliases:
CVE-2021-44531
Improper Certificate Validation Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js does not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. There are no reported fixed by versions.
VCID-dfdy-vhdd-5kh4
Aliases:
CVE-2022-35256
Multiple vulnerabilities have been discovered in Node.js. There are no reported fixed by versions.
VCID-e18p-c3m9-2qgy
Aliases:
CVE-2021-44532
Multiple vulnerabilities have been discovered in Node.js. There are no reported fixed by versions.
VCID-m5ae-uc68-d3g2
Aliases:
CVE-2022-21824
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') This advisory has been marked as a false positive. There are no reported fixed by versions.
VCID-ms5y-gp7v-2qay
Aliases:
CVE-2021-44533
Multiple vulnerabilities have been discovered in Node.js. There are no reported fixed by versions.
VCID-turp-dju7-c7fx
Aliases:
CVE-2021-44906
GHSA-xvch-5gv4-984h
Prototype Pollution in minimist Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:00:35.441042+00:00 RedHat Importer Affected by VCID-m5ae-uc68-d3g2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json 38.0.0
2026-04-01T14:00:35.368561+00:00 RedHat Importer Affected by VCID-ms5y-gp7v-2qay https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json 38.0.0
2026-04-01T14:00:35.300600+00:00 RedHat Importer Affected by VCID-e18p-c3m9-2qgy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json 38.0.0
2026-04-01T14:00:35.226876+00:00 RedHat Importer Affected by VCID-5cf7-va9h-h3gy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json 38.0.0
2026-04-01T13:59:23.711287+00:00 RedHat Importer Affected by VCID-turp-dju7-c7fx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44906.json 38.0.0
2026-04-01T13:57:02.421726+00:00 RedHat Importer Affected by VCID-dfdy-vhdd-5kh4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json 38.0.0