VYPR

apk package

chainguard/graalvm-24-ce-nodejs

pkg:apk/chainguard/graalvm-24-ce-nodejs

Vulnerabilities (4)

  • CVE-2026-0775HigJan 23, 2026
    affected < 24.0.2-r8fixed 24.0.2-r8

    npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system i

  • CVE-2026-24001Jan 22, 2026
    affected < 24.0.2-r8fixed 24.0.2-r8

    jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\r`, `\u2028`, or `\u2029` can cause the `parsePatch` method to enter an infinite loop.

  • CVE-2025-64756Nov 17, 2025
    affected < 0fixed 0

    Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names.

  • CVE-2025-5889LowJun 9, 2025
    affected < 24.0.1-r2fixed 24.0.1-r2

    A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be l