[ALSA-2026:2782] Important: nodejs:22 security update
Type:
security
Severity:
important
Release date:
2026-02-23
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132) * nodejs: Nodejs denial of service (CVE-2026-21637) * nodejs: Nodejs denial of service (CVE-2025-59466) * nodejs: Nodejs denial of service (CVE-2025-59465) * nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131) * nodejs: Nodejs file permissions bypass (CVE-2025-55130) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 npm-10.9.4-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.aarch64.rpm 00fab632ae8b301d82d292629c1fceaa20ed5001ee6e7e4ca4375e26947c8577
aarch64 nodejs-libs-22.22.0-1.module_el9.7.0+208+fb06c0ab.aarch64.rpm 411ab25054c9219c713c3fc957e04a850667cdda44a9d6dbfc85c148227c8a85
aarch64 nodejs-full-i18n-22.22.0-1.module_el9.7.0+208+fb06c0ab.aarch64.rpm 47c521cb8f4c53833491f5396d1c57e851d551398da52dd83f1426ca301a6769
aarch64 nodejs-22.22.0-1.module_el9.7.0+208+fb06c0ab.aarch64.rpm 4b2312a4ab8a6f3fc82951a4050e4cb7922b2ab6c56150f26837cfef35b37b02
aarch64 v8-12.4-devel-12.4.254.21-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.aarch64.rpm 5100ddfcce17666ba4b1caf39e3906659a37631033905ec82d85f69dc7fb0d8b
aarch64 nodejs-devel-22.22.0-1.module_el9.7.0+208+fb06c0ab.aarch64.rpm 7c4cfd31466da6be7e03c3d760c937cefe9a35c4a7bd00120b300f07858f31db
noarch nodejs-packaging-2021.06-5.module_el9.7.0+208+fb06c0ab.noarch.rpm 0528eee629fa506b56c3cec5fd577ee9ade9ee3263827b8f394f53d54bbe1672
noarch nodejs-packaging-bundler-2021.06-5.module_el9.7.0+196+ac40ca3b.noarch.rpm 7ebb5361e6442c86bcc948ea9b435aecc4c8bfd34de4f5d6529133fdaa23235b
noarch nodejs-nodemon-3.0.1-1.module_el9.6.0+172+f0ba00ec.noarch.rpm 8921c764fbe46df7cc2acc0214748ae816c81911a1ef010e4954d2f9f3f1f581
noarch nodejs-docs-22.22.0-1.module_el9.7.0+208+fb06c0ab.noarch.rpm 8f3de5a8307d83d62844ec5660a43d92dbb1352be6470f6ca457e5ae5f80e28c
ppc64le v8-12.4-devel-12.4.254.21-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.ppc64le.rpm 21f9ec269609c36a17e6e2dd142fbd36dbbbccc6f408640b027966f90f933210
ppc64le nodejs-full-i18n-22.22.0-1.module_el9.7.0+208+fb06c0ab.ppc64le.rpm 63d2f232ca70294b504a30eda9b0fa2f5524e526e15e2128c42aeb29cfdfa000
ppc64le nodejs-devel-22.22.0-1.module_el9.7.0+208+fb06c0ab.ppc64le.rpm a744561a5f5b780a1bb80261a49f39018b76fdf64ac0f316ec9ea01983107556
ppc64le nodejs-libs-22.22.0-1.module_el9.7.0+208+fb06c0ab.ppc64le.rpm b75a31ac7260a399b39d50e7845fdacb2853b19cf385407e764fffef3836a6ca
ppc64le npm-10.9.4-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.ppc64le.rpm dc9bd2c54734fdcdc4286df320d873fe09cb5573eb4d45e8127a60241e030312
ppc64le nodejs-22.22.0-1.module_el9.7.0+208+fb06c0ab.ppc64le.rpm ea61da3421fda0a53677bb78695b098cd815fe96849af894f3f6964d608fe8c6
s390x nodejs-full-i18n-22.22.0-1.module_el9.7.0+208+fb06c0ab.s390x.rpm 326d7d6b92e4acdd71920b42eb3dd7cf1c8e4b5271d5f73c467b32c65a3b5a86
s390x nodejs-libs-22.22.0-1.module_el9.7.0+208+fb06c0ab.s390x.rpm 46d54159011f929e3162a30f49c6d1fac056d9377cad5878a20287f16aa7a4bb
s390x nodejs-devel-22.22.0-1.module_el9.7.0+208+fb06c0ab.s390x.rpm 6171cca946d484320427a869df0619083415c735cee4f448bb14ab00271ae7be
s390x nodejs-22.22.0-1.module_el9.7.0+208+fb06c0ab.s390x.rpm 636d353a3d084ef4071303bbe8046e5bb62386dc377c79f5b416bb76c8ccdc60
s390x v8-12.4-devel-12.4.254.21-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.s390x.rpm aed4afa0d3d936a12ae411fcde3e6cdb59a5e696dbfb2fc78c62bee8bfe8f2e2
s390x npm-10.9.4-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.s390x.rpm ea74a47058e87ab78b701b6d8f82d9ac13a99f93541229e0e50fcbd6e88e6666
x86_64 v8-12.4-devel-12.4.254.21-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.x86_64.rpm 0b86ee80b9dcdfb5090365261a0552fc298b8b6e0f23d1d64f7cf57a6e303b09
x86_64 nodejs-22.22.0-1.module_el9.7.0+208+fb06c0ab.x86_64.rpm 5f459874472cf54c4bd6200d3acd90da753482f86c2a7ea40a11c2a3bcc431ff
x86_64 nodejs-devel-22.22.0-1.module_el9.7.0+208+fb06c0ab.x86_64.rpm 8afee73df576789ea58130e7cadd5705bf93d929a7a3ce135d6ad62bbd65a762
x86_64 nodejs-libs-22.22.0-1.module_el9.7.0+208+fb06c0ab.x86_64.rpm cfc3f590893ea457570baf9bb2811c605388a7703a55f7a5d047ebfc469bbef1
x86_64 npm-10.9.4-1.22.22.0.1.module_el9.7.0+208+fb06c0ab.x86_64.rpm d0532c23d57f390a0e685f09b612d702d4427d7af2bce2f6d2f6280147dcb3cd
x86_64 nodejs-full-i18n-22.22.0-1.module_el9.7.0+208+fb06c0ab.x86_64.rpm fb101e89d5ba26fbdb1ad98ddc144e99b344e9a314d2ecc437203ead69992c0a
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.