Source: node-axios
Version: 1.7.7+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/axios/axios/issues/6351
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-axios.
CVE-2024-57965[0]:
| In axios before 1.7
Source: nodejs
Source-Version: 20.18.2+dfsg-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Jan 2025 16:31:48 +0100
Source: nodejs
Architecture: source
Version: 20.18.2+dfsg-1
Distribution: unstable
Urgency: medi
Source: nodejs
Version: 20.18.1+dfsg-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for nodejs.
CVE-2025-23083[0]:
| With the aid of the diagnostics_channel utilit
Source: node-katex
Version: 0.16.10+~cs6.1.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-katex.
CVE-2025-23207[0]:
| KaTeX is a fast, easy-to-use JavaScript library for TeX math
| rend
Source: node-nunjucks
Version: 3.2.3+dfsg+~cs1.0.1-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-nunjucks.
CVE-2023-2142[0]:
| In Nunjucks versions prior to version 3.2.4, it was possib
Hi Yadd, hi Moritz,
On Sat, Oct 12, 2024 at 07:37:45PM +0200, Yadd wrote:
> On 10/12/24 18:08, Moritz Mühlenhoff wrote:
> > On Sat, Oct 12, 2024 at 04:14:14PM +0200, Yadd wrote:
> > > Hi,
> > >
> > > here is a debdiff for bookworm
> >
> > Please upload to security-master, thanks!
> >
> > Cheers
Source: node-rollup
Version: 3.29.4-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-rollup.
CVE-2024-47068[0]:
| Rollup is a module bundler for JavaScript. Versions prior to 3.29.5
| and 4
Source: node-path-to-regexp
Source-Version: 6.3.0-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 14 Sep 2024 16:14:48 +0400
Source: node-path-to-regexp
Architecture: source
Version: 6.3.0-1
Distribution: unstable
U
Hi Xavier,
On Tue, Aug 20, 2024 at 05:33:49PM +0400, Yadd wrote:
> On 8/20/24 17:30, Salvatore Bonaccorso wrote:
> > Hi,
> >
> > On Tue, Aug 20, 2024 at 05:20:38PM +0400, Yadd wrote:
> > > > On 8/20/24 16:34, Moritz Mühlenhoff wrote:
> > > > Hi Yadd,
>
Source: gettext.js
Version: 0.7.0-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gettext.js.
CVE-2024-43370[0]:
| gettext.js is a GNU gettext port for node and the browser. There is
| a cross-site
Source: node-axios
Version: 1.7.3+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-axios.
CVE-2024-39338[0]:
| axios 1.7.2 allows SSRF via unexpected behavior where requests for
| path
Hi,
On Wed, Jul 03, 2024 at 11:36:46PM +0200, Jérémy Lal wrote:
> On Wed, 3 Jul 2024 at 23:04, Andres Salomon wrote:
>
> >
> >
> > On 6/25/24 16:34, Jérémy Lal wrote:
> > >
> > >
> > > On Tue, 25 Jun 2024 at 22:22, Salvatore
Hi all,
On Sat, Jun 22, 2024 at 06:26:23PM +0300, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: secur...@debian.org, Debian Javascript Maintainers
> , Jérémy Lal
>
> This upload
Source: node-sanitize-html
Source-Version: 2.13.0+~2.11.0-1
On Sun, Apr 28, 2024 at 02:40:18PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Sun, 28 Apr 2024 17:48:12 +0400
> Source: node-sanitize-html
> Built-For-Profiles: nocheck
>
Source: node-ip
Source-Version: 2.0.1+~1.1.3-1
On Sun, Apr 28, 2024 at 02:40:08PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Sun, 28 Apr 2024 17:44:01 +0400
> Source: node-ip
> Architecture: source
> Version: 2.0.1+~1.1.3-1
> Distr
Source: node-es5-ext
Source-Version: 0.10.64+dfsg1+~1.1.0-1
On Sun, Apr 28, 2024 at 02:39:58PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Sun, 28 Apr 2024 17:42:38 +0400
> Source: node-es5-ext
> Architecture: source
> Version: 0.10
Source: node-express
Source-Version: 4.19.2+~cs8.36.21-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 07 Apr 2024 07:52:14 +0400
Source: node-express
Architecture: source
Version: 4.19.2+~cs8.36.21-1
Distribution:
Source: nodejs
Source-Version: 18.20.1+dfsg-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 16:50:38 +0200
Source: nodejs
Architecture: source
Version: 18.20.1+dfsg-1
Distribution: unstable
Urgency: medi
Source: node-katex
Version: 0.16.4+~cs6.1.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for node-katex.
CVE-2024-28243[0]:
| KaTeX is a JavaScript library for TeX math rendering on the web.
Source: node-follow-redirects
Version: 1.15.3+~1.14.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/psf/requests/issues/1885
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-follow-redirects.
CVE-2024-2884
Source: node-es5-ext
Version: 0.10.62+dfsg1+~1.1.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/medikoo/es5-ext/issues/201
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-es5-ext.
CVE-2024-27088[0]:
| es
Source: node-sanitize-html
Version: 2.8.0+~2.6.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/apostrophecms/sanitize-html/pull/650
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-sanitize-html.
CVE-2024-
Source: node-undici
Version: 5.28.2+dfsg1+~cs23.11.12.3-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-undici.
CVE-2024-24758[0]:
| Undici is an HTTP/1.1 client, written from scratch for
Source: node-follow-redirects
Version: 1.15.3+~1.14.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/follow-redirects/follow-redirects/issues/235
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-follow-redir
On Fri, Jun 30, 2023 at 08:12:37PM +0200, Jérémy Lal wrote:
> >> > Hi,
> >> >
> >> > On Fri, 30 Jun 2023 at 19:21, Salvatore Bonaccorso wrote:
> >> >
> >> > > Source: nodejs
> >> >
Source: node-axios
Version: 1.5.1+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/axios/axios/issues/6006
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-axios.
CVE-2023-45857[0]:
| An issue discovered
Source: libjs-bootbox
Version: 5.5.3~ds-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/bootboxjs/bootbox/issues/661
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libjs-bootbox.
CVE-2023-46998[0]:
| Cross Site
Hi Yadd,
On Sat, Oct 28, 2023 at 12:05:25PM +0400, Yadd wrote:
> On 10/27/23 20:20, Moritz Mühlenhoff wrote:
> > Source: node-browserify-sign
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > The following vulnerability was published for node-b
Source: nodejs
Version: 18.13.0+dfsg1-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for nodejs.
CVE-2023-39333[0]:
| Code injection via WebAssembly export names
CVE-2023-38552[1]:
| When the Nod
Source: node-postcss
Version: 8.4.20+~cs8.0.23-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-postcss.
CVE-2023-44270[0]:
| An issue was discovered in PostCSS before 8.4.31. It affects li
Source: node-get-func-name
Version: 2.0.0+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-get-func-name.
CVE-2023-43646[0]:
| get-func-name is a module to retrieve a function's name s
Source: nodejs
Version: 18.13.0+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for nodejs.
CVE-2023-32002[0]:
| The use of `Module._load()` can bypass the po
Hi
[CC'ing the security team alias]
On Fri, Jun 30, 2023 at 08:12:37PM +0200, Jérémy Lal wrote:
> Hi,
>
> On Fri, 30 Jun 2023 at 19:21, Salvatore Bonaccorso wrote:
>
> > Source: nodejs
> > Version: 18.13.0+dfsg1-1
> > Severity: important
> > T
Source: nodejs
Version: 18.13.0+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for nodejs.
CVE-2023-30581[0], CVE-2023-30588[1], CVE-2023-30589[2] and
CVE-2023-30590[3].
If you fix the
Source: jquery-minicolors
Source-Version: 2.3.5+dfsg-4
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 31 May 2023 16:44:37 +0400
Source: jquery-minicolors
Architecture: source
Version: 2.3.5+dfsg-4
Distribution: unst
Source: node-yaml
Version: 2.1.3-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-yaml.
CVE-2023-2251[0]:
| Uncaught Exception in GitHub repository eemeli/yaml.
If you fix the vulnerabili
Source: ckeditor
Version: 4.19.1+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ckeditor.
CVE-2023-28439[0]:
| CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.
| A cr
Source: node-xml2js
Version: 0.4.23+~cs15.4.0+dfsg-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/Leonidas-from-XIV/node-xml2js/issues/663
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-xml2js.
CVE-2023-0
Source: node-webpack
Version: 5.75.0+dfsg+~cs17.16.14-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/webpack/webpack/pull/16500
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-webpack.
CVE-2023-28154[0]:
|
Source: node-mermaid
Version: 8.14.0+~cs11.4.14-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-mermaid.
CVE-2022-48345[0]:
| sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows
Source: nodejs
Version: 18.13.0+dfsg1-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for nodejs.
CVE-2023-23918[0]:
| A privilege escalation vulnerability exists in Node.js <19.6.1,
| <18.14.1, <16
Source: jquery-minicolors
Version: 2.3.5+dfsg-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jquery-minicolors.
CVE-2021-32850[0]:
| jQuery MiniColors is a color picker built on jQuery. Prior
Source: node-undici
Version: 5.15.0+dfsg1+~cs20.10.9.3-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for node-undici.
CVE-2023-23936[0]:
| Undici is an HTTP/1.1 client for Node.js. Starting wi
Source: node-xmldom
Version: 0.8.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/jindw/xmldom/issues/150
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-xmldom.
CVE-2022-39353[0]:
| xmldom is a pure JavaS
Source: nodejs
Version: 18.12.0+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for nodejs.
CVE-2022-43548[0]:
| DNS rebinding in --inspect via invalid octal IP address
If you fix the vulnera
Source: node-xmldom
Version: 0.7.5-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/xmldom/xmldom/issues/436
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-xmldom.
CVE-2022-37616[0]:
| A prototype pollution
Source: node-sanitize-html
Version: 2.7.0+~2.6.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-sanitize-html.
CVE-2022-25887[0]:
| The package sanitize-html before 2.7.1 are vulnerable t
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: car...@debian.org, anar...@debian.org, t...@security.debian.org,
pkg-javascript-de...@lists.alioth.debian.org, y...@debian.org
Hi
As it was mentioned in #debian-security: rainloop seems to have now an
unmaintained upstream and has security i
Source: node-fetch
Version: 3.2.9+~cs18.4.14-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-fetch.
CVE-2022-2596[0]:
| Denial of Service in GitHub repository node-fetch/node-fetch prior t
Hi Yadd,
On Wed, Jul 13, 2022 at 09:14:56PM +0200, Yadd wrote:
> On 13/07/2022 08:38, Salvatore Bonaccorso wrote:
> > Source: node-moment
> > Version: 2.29.3+ds-1
> > Severity: grave
> > Tags: security upstream
> > X-Debbugs-Cc: car...@debian.org, Debia
Source: node-moment
Version: 2.29.3+ds-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-moment.
CVE-2022-31129[0]:
| moment is a JavaScript date library for parsing, validating,
| manipulating,
Source: node-moment
Version: 2.29.1+ds-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.29.1+ds-2
Control: found -1 2.24.0+ds-1
Hi,
The following vulnerability was published for node-moment.
CVE-2022-24785[0]:
| Moment.js is
Source: nodejs
Source-Version: 12.22.9~dfsg-1
This should fix #1004177 and the four open CVEs.
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Thu, 27 Jan 2022 13:42:36 +0100
Source: nodejs
Architecture: source
Version: 1
Hi,
On Sat, Feb 05, 2022 at 08:23:17AM +0100, Yadd wrote:
> On 04/02/2022 17:59, Yadd wrote:
> > Hi,
> >
> > my new pkgjs-audit tool found these 3 vulnerabilities, not found on
> > security-tracker:
> >
> > eslint-config-eslint 5.0.1
> > Severity: critical
> > Malicious Package in eslint-scope -
Source: node-cached-path-relative
Source-Version: 1.1.0+~1.0.0-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 26 Jan 2022 12:30:15 +0100
Source: node-cached-path-relative
Architecture: source
Version: 1.1.0+~1.0.0-
Source: nodejs
Version: 12.22.7~dfsg-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 12.22.5~dfsg-2~11u1
Hi,
The following vulnerabilities were published for nodejs.
CVE-2021-44531[0]:
| Improper handling of URI Subject Alternati
Source: node-shell-quote
Source-Version: 1.7.3+~1.7.1-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 09 Jan 2022 12:07:45 +0100
Source: node-shell-quote
Architecture: source
Version: 1.7.3+~1.7.1-1
Distribution: un
Source: node-shell-quote
Version: 1.7.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-shell-quote.
CVE-2021-42740[0]:
| The shell-quote package before 1.7.3
Source: node-ansi-regex
Version: 5.0.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 5.0.0-1
Hi,
The following vulnerability was published for node-ansi-regex.
CVE-2021-3807[0]:
| ansi-regex is vulnerable to Inefficient Reg
Source: node-tar
Version: 6.1.7+~cs11.3.10-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-tar.
CVE-2021-37712[0]:
| The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10,
|
Source: npm
Version: 7.5.2+ds-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for npm.
CVE-2021-39135[0]:
| `@npmcli/arborist`, the library that calculates dependency trees and
| manages the node_m
Source: ckeditor
Version: 4.16.0+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ckeditor.
CVE-2021-32808[0]:
| ckeditor is an open source WYSIWYG HTML editor with rich content
| support.
Source: ckeditor
Version: 4.16.0+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 4.11.1+dfsg-1
Hi,
The following vulnerability was published for ckeditor.
CVE-2021-32809[0]:
| ckeditor is an open source WYSIWYG HTML edit
Source: ckeditor
Version: 4.16.0+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 4.11.1+dfsg-1
Hi,
The following vulnerability was published for ckeditor.
CVE-2021-37695[0]:
| ckeditor is an open source WYSIWYG HTML edit
Source: node-tar
Version: 6.0.5+ds1+~cs11.3.9-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-tar.
CVE-2021-32803[0]:
| The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7,
|
Source: node-tar
Version: 6.0.5+ds1+~cs11.3.9-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-tar.
CVE-2021-32804[0]:
| The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6,
|
Source: node-xmldom
Version: 0.5.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-xmldom.
CVE-2021-32796[0]:
| xmldom is an open source pure JavaScript W3C standard-based (XML DOM
| Level
Source: node-url-parse
Version: 1.5.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-url-parse.
CVE-2021-3664[0]:
| url-parse is vulnerable to URL Redirection to Untrusted Site
If you f
Source: node-nodemailer
Version: 6.4.17-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/nodemailer/nodemailer/issues/1289
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-nodemailer.
CVE-2021-23400[0]:
| The
Source: node-mermaid
Version: 8.7.0+ds+~cs27.17.17-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/mermaid-js/mermaid/issues/2122
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-mermaid.
CVE-2021-35513[0]:
Hi Yadd,
On Mon, May 31, 2021 at 11:50:56AM +0200, Yadd wrote:
> Hi,
>
> Looking at CVE-2021-33587 patch, it seems too intrusive to be applied
> for Bullseye: patch seems not easily usable for version 4 of
> node-css-what. Could you tag it ?
Sorry forgot to confirm: this is done and marked to b
Source: node-browserslist
Version: 4.16.3+~cs5.4.72-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-browserslist.
CVE-2021-23364[0]:
| The package browserslist from 4.0.0 and before 4.16.5
Source: underscore
Version: 1.9.1~dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
,y...@debian.org
Hi,
The following vulnerability was published for underscore.
CVE-2021-23358[0]:
| The package underscore fro
Source: node-ssri
Version: 8.0.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-ssri.
CVE-2021-27290[0]:
| ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular
| expression wh
Source: node-ua-parser-js
Version: 0.7.23+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 0.7.14-1
Hi,
The following vulnerability was published for node-ua-parser-js.
CVE-2021-27292[0]:
| ua-parser-js >= 0.7.14, fixed in
Source: node-url-parse
Version: 1.4.7+repack-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-url-parse.
CVE-2021-27515[0]:
| url-parse before 1.5.0 mishandles certain uses of backslash suc
Source: node-prismjs
Version: 1.11.0+dfsg-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/PrismJS/prism/issues/2583
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-prismjs.
CVE-2021-23341[0]:
| The package
Source: ckeditor
Version: 4.12.1+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for ckeditor.
CVE-2021-26271[0]:
| It was possible to execute a ReDoS-type attack inside CKEditor 4
| before
Control: severity -1 minor
Hi
On Thu, Jan 07, 2021 at 10:58:03PM +0100, Philippe Coval wrote:
> Package: iotjs
> Followup-For: Bug #977736
>
> Dear Maintainer,
>
> As iotjs's Debian maintainer,
> I have forwarded this issue to upstream tracker:
>
> https://github.com/jerryscript-project/iotjs/
Source: nodejs
Version: 12.19.0~dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 10.21.0~dfsg-1~deb10u1
Control: found -1 14.13.0~dfsg-1
Hi,
The following vulnerabilities were published for no
Source: iotjs
Version: 1.0+715-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/jerryscript-project/jerryscript/issues/4244
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.0-1
Hi,
The following vulnerability was published for iotjs. Actually f
Source: node-ini
Version: 1.3.5-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-ini.
CVE-2020-7788[0]:
| This affects the package ini before 1.3.6. If an attacker submits a
| malicious INI
Source: highlight.js
Version: 9.18.1+dfsg1-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/highlightjs/highlight.js/pull/2636
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 9.12.0+dfsg1-4
Hi,
The following vulnerability was published for highl
Source: node-y18n
Version: 4.0.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/yargs/y18n/issues/96
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-y18n.
CVE-2020-7774[0]:
| This affects the package y18n
Source: node-axios
Version: 0.21.0+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/axios/axios/issues/3369
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-axios.
CVE-2020-28168[0]:
| Axios NPM package
Source: node-pathval
Version: 1.1.0-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/chaijs/pathval/pull/58
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-pathval.
* CVE-2020-7751[0]
If you fix the vulner
Hi Xavier,
On Sun, Sep 13, 2020 at 05:29:56PM +0200, Xavier wrote:
> On 12/09/2020 at 15:33, Salvatore Bonaccorso wrote:
> > Source: node-fetch
> > Version: 1.7.3-2
> > Severity: important
> > Tags: security upstream
> > X-Debbugs-Cc: car...@debian.org, Debia
Source: node-fetch
Version: 1.7.3-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.7.3-1
Hi,
The following vulnerability was published for node-fetch.
CVE-2020-15168[0]:
| node-fetch before versions 2.6.1 and 3.0.0-beta.9 di
Source: dojo
Version: 1.15.3+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for dojo.
CVE-2020-4051[0]:
| In Dijit before versions 1.11.11, and greater than or equal to 1.12.0
| and less tha
Source: node-node-forge
Version: 0.9.1~dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 0.8.1~dfsg-1
Hi,
The following vulnerability was published for node-node-forge.
CVE-2020-7720[0]:
| The package node-forge before 0.
Source: grunt
Version: 1.0.4-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.0.1-8
Hi,
The following vulnerability was published for grunt.
CVE-2020-7729[0]:
| The package grunt before 1.3.0 are vulnerable to Arbitrary Code
Source: node-bl
Version: 4.0.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-bl.
CVE-2020-8244[0]:
| A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1 and
| <2.2.1 which could
Source: node-prismjs
Version: 1.11.0+dfsg-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team
Hi,
The following vulnerability was published for node-prismjs.
CVE-2020-15138[0]:
| Prism is vulnerable to Cross-Site Scripting. The easing preview of the
| Previewers plu
Source: node-lodash
Version: 4.17.15+dfsg-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Debian Security Team
Hi,
The following vulnerability was published for node-lodash.
CVE-2020-8203[0]:
| Prototype pollution attack when using _.zipObjectDeep in lo
Source: npm
Version: 6.14.5+ds-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for npm.
CVE-2020-15095[0]:
| Versions of the npm CLI prior to 6.14.6 are vulnerable to an
| information exposure vulnerability through log files. The CLI supports
| URLs li
Source: node-elliptic
Version: 6.5.1~dfsg-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/indutny/elliptic/issues/226
Hi,
The following vulnerability was published for node-elliptic.
CVE-2020-13822[0]:
| The Elliptic package 6.5.2 for Node.js allows ECDSA signature
|
Source: nodejs
Version: 10.20.1~dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 10.19.0~dfsg1-1
Hi,
The following vulnerabilities were published for nodejs.
CVE-2020-11080[0]:
HTTP/2 Large Settings Frame DoS
CVE-2020-8172[1]:
TLS session reuse
Source: node-minimist
Version: 1.2.0-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for node-minimist.
CVE-2020-7598[0]:
| minimist before 1.2.2 could be tricked into adding or modifying
| properties of Object.prototype using a "constructor" or "__pro
Source: dojo
Version: 1.15.2+dfsg1-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for dojo.
CVE-2020-5259[0]:
| In affected versions of dojox (NPM package), the jqMix method is
| vulnerable to Prototype Pollution. Prototype Pollution refers to the
| a
1 - 100 of 129 matches