This page collects WhisperX intelligence signals tagged #nodejs. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security vulnerability in the Fastify web framework allows attackers to bypass request body validation entirely, posing a direct threat to applications relying on schema-based input sanitization. The flaw, tracked as CVE-2026-25223, is triggered by appending a tab character (`\t`) followed by arbitrary conte...
A critical security update for the widely-used `tar` library patches multiple high-severity vulnerabilities that allow attackers to bypass directory protections and write to arbitrary files on a system. The flaws, centered in the library's handling of hardlinks and symlinks, create a direct path for malicious archives ...
A critical security update for the widely-used `node-forge` cryptography library patches a high-severity Denial of Service (DoS) vulnerability. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function, which is inherited from the bundled `jsbn` library. When this function is called with a ...
A critical security flaw in the widely-used `yaml` npm package, tracked as CVE-2026-33532, exposes countless software projects to denial-of-service attacks. The vulnerability, a stack overflow in the parser's composition phase, allows an attacker to crash a Node.js application by feeding it a maliciously crafted YAML d...
A critical security vulnerability in the widely used `yaml` JavaScript library has been patched, exposing countless projects to potential denial-of-service attacks. The flaw, tracked as CVE-2026-33532, allows an attacker to crash a Node.js application by providing a maliciously crafted YAML document. The root cause is ...
A critical security update for the widely-used `node-forge` cryptography library patches a high-severity Denial of Service (DoS) vulnerability. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function, which is inherited from the bundled `jsbn` library. When this function is called with a ...
A critical security flaw in the widely-used `node-forge` cryptography library has been patched, addressing a HIGH-severity vulnerability that could allow attackers to bypass downstream cryptographic verifications. The vulnerability, tracked as CVE-2025-12816, is an ASN.1 validator desynchronization issue. It enables re...
A critical security update for the widely-used `node-forge` cryptography library patches a high-severity Denial of Service (DoS) vulnerability. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function, which is inherited from the bundled jsbn library. When this function is called with a ze...
A critical security update for the widely-used `node-forge` cryptography library patches a high-severity Denial of Service (DoS) vulnerability. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function, which is inherited from the bundled `jsbn` library. When this function is called with a ...
A high-severity Denial of Service (DoS) vulnerability has been patched in the widely used `node-forge` cryptography library. The flaw, tracked as CVE-2026-XXXX, resides in the `BigInteger.modInverse()` function. When called with a zero value as input, the function triggers an infinite loop in the underlying Extended Eu...
A critical denial-of-service (DoS) vulnerability has been patched in the widely used Node.js `body-parser` middleware. The flaw, tracked as CVE-2024-45590, affects all versions prior to 1.20.3. When URL encoding is enabled, a malicious actor can craft a specific payload to flood a server with requests, rendering it unr...
A high-severity vulnerability, CVE-2026-31802, has been detected in the widely used `tar-4.4.8.tgz` library for Node.js. This critical flaw exposes countless applications and services that rely on this fundamental package for file archiving, creating a significant supply chain risk. The vulnerability is present in the ...
The node-forge cryptography library has released version 1.4.0 to patch a high-severity Denial of Service (DoS) vulnerability. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function, which is inherited from the bundled jsbn library. When this function is called with a zero value as input...
A newly disclosed vulnerability, CVE-2026-33750, has been detected in a critical piece of the JavaScript software supply chain. The flaw, rated with medium severity, resides in version 1.1.11 of the `brace-expansion` library, a fundamental package used for filename pattern matching in Node.js environments. This library...
A critical security update for the widely-used `node-forge` cryptography library patches a high-severity Denial of Service (DoS) vulnerability. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function, which is inherited from the bundled jsbn library. When this function is called with a ze...
A critical security vulnerability in the widely used Node.js `tar` package has been patched, addressing a flaw that could allow attackers to overwrite files anywhere on a Windows system. The vulnerability, tracked as CVE-2026-31802, stems from improper handling of drive-relative symlink targets during archive extractio...
A critical security update for the widely-used `node-forge` cryptography library patches a high-severity Denial of Service (DoS) vulnerability. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function, which is inherited from the bundled `jsbn` library. When this function is called with a ...
A high-severity Denial of Service (DoS) vulnerability has been patched in the widely used `node-forge` cryptography library, forcing developers to urgently update to version 1.4.0. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function inherited from the bundled jsbn library. When this f...
A critical security update has been released for the widely-used `node-forge` cryptography library, patching a high-severity Denial of Service (DoS) vulnerability. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function. When this function is called with a zero value as input, it triggers...
A critical security vulnerability in the widely-used `node-forge` cryptography library has been disclosed, prompting an urgent update to version 1.4.0. The flaw, rated HIGH severity, is a Denial of Service (DoS) vulnerability within the `BigInteger.modInverse()` function. When called with a zero value, the function ent...