Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.1-3?arch=el7
purl pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.1-3?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-bcuh-2e2c-53gy
Aliases:
CVE-2022-24999
GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution qs before 6.10.3 allows attackers to cause a Node process hang because an `__ proto__` key can be used. In many typical web framework use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as `a[__proto__]=b&a[__proto__]&a[length]=100000000`. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4. There are no reported fixed by versions.
VCID-m7rw-arzq-jba1
Aliases:
CVE-2022-43548
Multiple vulnerabilities have been discovered in Node.js. There are no reported fixed by versions.
VCID-turp-dju7-c7fx
Aliases:
CVE-2021-44906
GHSA-xvch-5gv4-984h
Prototype Pollution in minimist Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). There are no reported fixed by versions.
VCID-v72h-ew1u-xfcz
Aliases:
CVE-2022-3517
GHSA-f8q6-p94x-37v3
minimatch ReDoS vulnerability A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service. There are no reported fixed by versions.
VCID-x4yh-ez8g-6ya1
Aliases:
CVE-2022-0235
GHSA-r683-j2x4-v87g
URL Redirection to Untrusted Site ('Open Redirect') node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor There are no reported fixed by versions.
VCID-y9aa-2a31-ufa7
Aliases:
CVE-2021-35065
GHSA-cj88-88mr-972w
GMS-2022-3113
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service glob-parent 6.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS). This issue is fixed in version 6.0.1. This vulnerability is separate from [GHSA-ww39-953v-wcq6](https://github.com/advisories/GHSA-ww39-953v-wcq6). There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:00:29.750580+00:00 RedHat Importer Affected by VCID-x4yh-ez8g-6ya1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0235.json 38.0.0
2026-04-01T13:59:44.455355+00:00 RedHat Importer Affected by VCID-v72h-ew1u-xfcz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3517.json 38.0.0
2026-04-01T13:59:20.016666+00:00 RedHat Importer Affected by VCID-turp-dju7-c7fx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44906.json 38.0.0
2026-04-01T13:56:29.346310+00:00 RedHat Importer Affected by VCID-m7rw-arzq-jba1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43548.json 38.0.0
2026-04-01T13:56:16.325909+00:00 RedHat Importer Affected by VCID-bcuh-2e2c-53gy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24999.json 38.0.0
2026-04-01T13:55:55.575199+00:00 RedHat Importer Affected by VCID-y9aa-2a31-ufa7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35065.json 38.0.0