VDB

GCVE-VVD-MAGEIA-2026-9

GCVE-VVD-MAGEIA-2026-9
Advisory Published
Vulnetix · Advisory published February 4, 2026
Node.js HTTP/2 server crashes with unhandled error when receiving malformed HEADERS frame. (CVE-2025-59465) Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers. (CVE-2025-59466) Bypass File System Permissions using crafted symlinks. (CVE-2025-55130) Timeout-based race conditions make Uint8Array/Buffer.alloc non-zerofilled. (CVE-2025-55131) fs.futimes() Bypasses Read-Only Permission Model. (CVE-2025-55132) TLS PSK/ALPN Callback Exceptions Bypass Error Handlers, Causing DoS and FD Leak. (CVE-2026-21637)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiasubversion0 (affected), 1.14.3-1.1.mga9 (unaffected)
Mageianodejs0 (affected), 22.22.0-1.mga9 (unaffected), 0 (affected), 22.22.0-1.mga9 (unaffected)

References

Updated nodejs packages fix security vulnerabilities
advisory
Updated nodejs packages fix security vulnerabilities
issue
Updated nodejs packages fix security vulnerabilities
issue
Updated nodejs packages fix security vulnerabilities
issue
Updated subversion packages fix bug
advisory
Updated subversion packages fix bug
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›