nodejs24 (SUSE:Linux Enterprise Server 16.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 16.0 package nodejs24, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2025-59464 — CVSS 7.5 (high): A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated…
CVE-2026-21637 — CVSS 7.5 (high): A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or…
CVE-2026-21710 — CVSS 7.5 (high): A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the…
CVE-2026-21717 — CVSS 5.9 (medium): A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially…
CVE-2026-21713 — CVSS 5.9 (medium): A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking…
CVE-2026-21712 — CVSS 5.7 (medium): A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed…
CVE-2026-21714 — CVSS 5.3 (medium): A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow…
CVE-2026-21715 — CVSS 3.3 (low): A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks…
CVE-2026-21716 — CVSS 3.3 (low): An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required…