ALSA-2026:2783

[ALSA-2026:2783] Important: nodejs:20 security update

Type:

security

Severity:

important

Release date:

2026-02-23

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.   

Security Fix(es):  

  * nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)
  * nodejs: Nodejs denial of service (CVE-2026-21637)
  * nodejs: Nodejs denial of service (CVE-2025-59466)
  * nodejs: Nodejs denial of service (CVE-2025-59465)
  * nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)
  * nodejs: Nodejs file permissions bypass (CVE-2025-55130)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-devel-20.20.0-1.module_el9.7.0+207+84573810.aarch64.rpm	0cde0ea5493a4e484f3d109597e30cabfd4758c1d8f24c12cf4235f9c2d0cd24
aarch64	nodejs-20.20.0-1.module_el9.7.0+207+84573810.aarch64.rpm	9814cba3a52bf15c8be7e0b20e877cd0d0929a9852f816addad032a4fe5d3289
aarch64	npm-10.8.2-1.20.20.0.1.module_el9.7.0+207+84573810.aarch64.rpm	ac0bcecee4681180f5090a95d0a751941983a404df988ded36170c2bed531339
aarch64	nodejs-full-i18n-20.20.0-1.module_el9.7.0+207+84573810.aarch64.rpm	e8572b0b9d19bd0aaca87ce347baa5c934c8ff76c2a57bd033cdd567436e1d92
noarch	nodejs-packaging-2021.06-5.module_el9.7.0+207+84573810.noarch.rpm	05f86c49a68ad3d28eb5632b8d8cb414cdc8e1b609d53821410f46d958d55e36
noarch	nodejs-nodemon-3.0.1-1.module_el9.5.0+125+8dc38870.noarch.rpm	572b82ee164b85ffef41f974897332716b428e341e262a4ccdd71a9c87312648
noarch	nodejs-packaging-bundler-2021.06-5.module_el9.7.0+207+84573810.noarch.rpm	8aafd12f78157e86ba2ec7e2c9345b60105bf6f6ee017bd22496ac3e8d69f790
noarch	nodejs-docs-20.20.0-1.module_el9.7.0+207+84573810.noarch.rpm	9b45e7911e1228b9f6ae1ce27a752e5418a996eb6dc94653709a9cf4d18b9b3d
ppc64le	npm-10.8.2-1.20.20.0.1.module_el9.7.0+207+84573810.ppc64le.rpm	1e2eed90d13146e993fccc36444b4ee24837656393742edc1df5e163d9e57c20
ppc64le	nodejs-full-i18n-20.20.0-1.module_el9.7.0+207+84573810.ppc64le.rpm	a1112524e693902aeb136f7a3242b5adbe770d9e417c9683ed8601be7cb5d243
ppc64le	nodejs-devel-20.20.0-1.module_el9.7.0+207+84573810.ppc64le.rpm	cd4dae1e5962ae84b8349fbcc75b3776f564c7e8556b29f4605a92d3ecfcc507
ppc64le	nodejs-20.20.0-1.module_el9.7.0+207+84573810.ppc64le.rpm	f9688ae515baa9c9df0c8a55b41e295eabb125b2652877d9416b5ed25624c508
s390x	nodejs-20.20.0-1.module_el9.7.0+207+84573810.s390x.rpm	19415782267af242f3069081222e0965ad8d5e267086d987c5138b4782958bf8
s390x	nodejs-devel-20.20.0-1.module_el9.7.0+207+84573810.s390x.rpm	3ccc744c20e4576a05eb772133e03528f29c949f3fd47c9b48468f7c3c8f7698
s390x	npm-10.8.2-1.20.20.0.1.module_el9.7.0+207+84573810.s390x.rpm	7c11fe6948be5bf6999bd6871b0bf9543e67e06d0d03cfdff77aaa5068df4b70
s390x	nodejs-full-i18n-20.20.0-1.module_el9.7.0+207+84573810.s390x.rpm	b670eae1c4077f15c5ee590cfc51a2bbeb5cc1262231e690bff5b146fa9025c3
x86_64	nodejs-devel-20.20.0-1.module_el9.7.0+207+84573810.x86_64.rpm	1af43ccfd0c8959344961c80c564d041de865d9cf74a88e0bb70389dfab3ca35
x86_64	nodejs-full-i18n-20.20.0-1.module_el9.7.0+207+84573810.x86_64.rpm	2fff99549272eba4c2bd112edeac361dfe696903011781367f7a1492bddd1e7b
x86_64	nodejs-20.20.0-1.module_el9.7.0+207+84573810.x86_64.rpm	6d3fdfc8776be4dbaa86d2439138cb26e3ea950842e07c35b7e9e12f352f5def
x86_64	npm-10.8.2-1.20.20.0.1.module_el9.7.0+207+84573810.x86_64.rpm	917f9e95f83c87bf7a182369c55db0f155c4b45eb7cd4c8e0d002643af7c62d4

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.