A newly discovered vulnerability in Axios allows attackers to remotely crash Node.js servers with a single malformed JSON property. Here’s how it works and how to protect your apps.
A critical flaw in Axios lets attackers remotely crash Node.js servers with a single crafted JSON key. Here’s what happened, why it matters, and how to fix it.
A newly discovered critical flaw in the vm2 Node.js library (CVE-2026-22709) lets attackers escape sandbox protections and execute code on the host system. Developers are urged to update immediately and consider stronger alternatives.
A newly discovered vulnerability in the Node.js vm2 library allows attackers to escape its sandbox and execute arbitrary code, putting countless applications at risk. Learn how this flaw was uncovered and what it means for the future of open-source security.
A catastrophic flaw in the popular vm2 Node.js library allowed attackers to bypass the sandbox and execute code with full system privileges. This investigative feature unpacks the exploit, its impact, and the urgent need for patching.
A devastating vulnerability in the popular vm2 Node.js sandbox lets attackers execute arbitrary code on the host. Discover how the flaw works, who’s at risk, and why urgent patching is essential.
Node.js 25.5.0 delivers a sweeping update to JavaScript security and deployment. With a new one-command SEA build process, updated root certificates, and stronger asset management, this release slashes supply chain risks and streamlines secure app delivery.
Node.js introduces a new policy demanding a minimum Signal score on HackerOne for direct vulnerability submissions, aiming to tackle triage overload and raise the bar for security reports.
Node.js is tightening its bug bounty program by requiring researchers to have a minimum HackerOne Signal score of 1.0 for direct vulnerability submissions. The policy aims to curb low-quality reports and ensure faster response to real threats, reflecting a broader shift in open-source security strategies.
A newly discovered vulnerability in the Node.js binary-parser library (versions before 2.3.0) allows attackers to inject and execute malicious JavaScript code. This flaw, rated critical, exposes countless applications to silent compromise. Immediate upgrades and code audits are urged.