VYPR

rpm package

almalinux/v8-13.6-devel

pkg:rpm/almalinux/v8-13.6-devel

Vulnerabilities (23)

  • CVE-2025-55130Jan 20, 2026
    affected < 3:13.6.233.17-1.24.13.0.0.module_el8.10.0+4113+bc863bc2fixed 3:13.6.233.17-1.24.13.0.0.module_el8.10.0+4113+bc863bc2

    A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and

  • CVE-2026-21637Jan 20, 2026
    affected < 3:13.6.233.17-1.24.13.0.0.module_el8.10.0+4113+bc863bc2fixed 3:13.6.233.17-1.24.13.0.0.module_el8.10.0+4113+bc863bc2

    A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), ca

  • CVE-2025-59465Jan 20, 2026
    affected < 3:13.6.233.17-1.24.13.0.0.module_el8.10.0+4113+bc863bc2fixed 3:13.6.233.17-1.24.13.0.0.module_el8.10.0+4113+bc863bc2

    A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects

Page 2 of 2