nodejs22 (SUSE:Linux Enterprise Server 16.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 16.0 package nodejs22, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2025-55130 — CVSS 9.1 (critical): A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted…
CVE-2025-59465 — CVSS 7.5 (high): A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket`…
CVE-2025-59466 — CVSS 7.5 (high): We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when…
CVE-2026-21637 — CVSS 7.5 (high): A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or…
CVE-2025-55131 — CVSS 7.1 (high): A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module…
CVE-2026-22036 — CVSS 5.9 (medium): Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the…
CVE-2025-55132 — CVSS 5.3 (medium): A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process…