VDB
GCVE-110-MAGEIA-2023-226
GCVE-110-MAGEIA-2023-226
Advisory Published
Current nodejs 14 branch in Mageia 8 is end of life and there are no more
security updates.
This release allows to move to the new nodejs 18 LTS branch and fixes the
following CVEs
CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism
(High)
CVE-2023-30585: Privilege escalation via Malicious Registry Key
manipulation during Node.js installer repair process (Medium)
CVE-2023-30588: Process interuption due to invalid Public Key information
in x509 certificates (Medium)
CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR
(Medium)
CVE-2023-30590: DiffieHellman does not generate keys after setting a
private key (Medium)
OpenSSL Security Releases
OpenSSL security advisory 28th March.
OpenSSL security advisory 20th April.
OpenSSL security advisory 30th May
c-ares vulnerabilities:
GHSA-9g78-jv2r-p7vc
GHSA-8r8p-23f3-64c2
GHSA-54xr-f67r-4pc4
GHSA-x6mf-cxr9-8q6v
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | nodejs | 0 (affected), 18.16.1-1.mga8 (unaffected) | — |
Browse GCVE Records
73,280 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.