Node.js 20 Security Update Addresses Multiple Vulnerabilities

Node.js 20 Security Update Addresses Multiple Vulnerabilities

First seen 12 Feb 2026, 21:16 UTC Linuxsecurity 89% similarity 27.4

Article Content

Browse articles
ThreatCluster

SUSE and openSUSE have released an important security update for Node.js 20, addressing several vulnerabilities. The update includes fixes for issues such as unsafe buffer creation and error handling in TLSSocket, affecting users of Node.js 20. Key CVEs include CVE-2026-22036 and CVE-2025-59465, among others, with some vulnerabilities having public proof of concept available.

ThreatCluster AI

Timeline

2026-01-14
CVE-2026-22036 published
2026-01-20
CVE-2025-55131 published
2026-01-20
CVE-2025-59466 published
2026-01-20
CVE-2025-55130 published
2026-01-20
CVE-2025-55132 published
2026-01-20
CVE-2025-59465 published
2026-01-20
CVE-2026-21637 published
2026-02-02
First public PoC for CVE-2025-55130
2026-02-12
Security update released for nodejs20

Community

Browse all →