ELSA-2026-35892

ELSA-2026-35892 - nodejs:22 security, bug fix, and enhancement update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-07-08

Description


nodejs
[1:22.23.1-1]
- Update to version 22.23.1
Resolves: RHEL-186622 RHEL-185998 RHEL-183669
Fixes: CVE-2026-12151 CVE-2026-48618 CVE-2026-48933 CVE-2026-48937 CVE-2026-48930 CVE-2026-48619 CVE-2026-48615 CVE-2026-48934 CVE-2026-48928 CVE-2026-48617 CVE-2026-48931 CVE-2026-48935 CVE-2026-42338

nodejs-nodemon
[3.0.1-1]
- Rebase to 3.0.1
- Resolves: CVE-2022-25883

[2.0.20-2]
- Patch bundled glob-parent
- Resolves: CVE-2021-35065

[2.0.20-1]
- Rebase to 2.0.20
Resolves: CVE-2022-3517

[2.0.15-1]
- Resolves: RHBZ#2005419
- Resolves CVE-2020-28469
- Rebase to newest version
- Change source to npmjs.com

nodejs-packaging
[2021.06-6]
- Properly handle @group/package deps in nodejs-symlink-deps
Resolves: RHEL-120511

[2021.06-5]
- nodejs.req to properly detect bundled deps


Related CVEs


CVE-2026-11525
CVE-2026-12151
CVE-2026-42338
CVE-2026-48615
CVE-2026-48618
CVE-2026-48619
CVE-2026-48928
CVE-2026-48930
CVE-2026-48933
CVE-2026-48934
CVE-2026-48935
CVE-2026-6733
CVE-2026-9678

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) nodejs-22.23.1-1.module+el9.8.0+90947+d3e8e647.src.rpmc2707ae7e1f39329eee939ca3864aadec3af320d1c11aed3ed2c873a84613365-ol9_aarch64_appstream
nodejs-nodemon-3.0.1-1.module+el9.8.0+90947+d3e8e647.src.rpm3c2b07c7d5cdf98c5942b18fa05905ca4e10824e0aabc0c086115a098873b2c2-ol9_aarch64_appstream
nodejs-packaging-2021.06-6.module+el9.8.0+90947+d3e8e647.src.rpm8ee9b69aaa37d416b38f17ab84818b1019d95ffddb062424c9fbac2bf4953bf0-ol9_aarch64_appstream
nodejs-22.23.1-1.module+el9.8.0+90947+d3e8e647.aarch64.rpm282e213ebe19331aa769315e26321b875e65b430edc134fae3ad6a8ab8e1acb8-ol9_aarch64_appstream
nodejs-devel-22.23.1-1.module+el9.8.0+90947+d3e8e647.aarch64.rpmfa53a4c8bc4add1354eeb45a195729584da68ffd817b192fff810b347a521bad-ol9_aarch64_appstream
nodejs-docs-22.23.1-1.module+el9.8.0+90947+d3e8e647.noarch.rpm10612f627fbc824da390bb5651bd6c9eb38dcb2374ea5a583c944edd38b30ed5-ol9_aarch64_appstream
nodejs-full-i18n-22.23.1-1.module+el9.8.0+90947+d3e8e647.aarch64.rpmdc52e65febe8832794269ff53b84f1ede148f558d9e31f1afcba824f2a25e925-ol9_aarch64_appstream
nodejs-libs-22.23.1-1.module+el9.8.0+90947+d3e8e647.aarch64.rpm8937882f9f3fdba2c2c594c03af79cb0e7f50caf9d1de6bccd34f4c05ed44c92-ol9_aarch64_appstream
nodejs-nodemon-3.0.1-1.module+el9.8.0+90947+d3e8e647.noarch.rpm585bcfc7eaab4c79c4a701bc2d8d0e17a39b997426547860ab06ab6a7b98dc65-ol9_aarch64_appstream
nodejs-packaging-2021.06-6.module+el9.8.0+90947+d3e8e647.noarch.rpme521f4e074ef3aa04b65998224e1564e80b7a5b0c76bb71731b8dd806a6f942b-ol9_aarch64_appstream
nodejs-packaging-bundler-2021.06-6.module+el9.8.0+90947+d3e8e647.noarch.rpm8befbd56ce9b26e12960f68515064ae2969cdd6c2fc25ea2c3c5c76fc48a1bd6-ol9_aarch64_appstream
npm-10.9.8-1.22.23.1.1.module+el9.8.0+90947+d3e8e647.aarch64.rpm366a1cf5406639ecf7cf632ae6854ae155cc91589a6b0588d44832a49f894010-ol9_aarch64_appstream
v8-12.4-devel-12.4.254.21-1.22.23.1.1.module+el9.8.0+90947+d3e8e647.aarch64.rpmbb374d9653bfeb65de751bd9febfb1ec2f064f454e6552a9ef4490b1a544b22f-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) nodejs-22.23.1-1.module+el9.8.0+90947+d3e8e647.src.rpmc2707ae7e1f39329eee939ca3864aadec3af320d1c11aed3ed2c873a84613365-ol9_x86_64_appstream
nodejs-nodemon-3.0.1-1.module+el9.8.0+90947+d3e8e647.src.rpm3c2b07c7d5cdf98c5942b18fa05905ca4e10824e0aabc0c086115a098873b2c2-ol9_x86_64_appstream
nodejs-packaging-2021.06-6.module+el9.8.0+90947+d3e8e647.src.rpm8ee9b69aaa37d416b38f17ab84818b1019d95ffddb062424c9fbac2bf4953bf0-ol9_x86_64_appstream
nodejs-22.23.1-1.module+el9.8.0+90947+d3e8e647.x86_64.rpm57010684c42385e7287b4306490d2d5e478ce5c1005b86dc3df75594786106c7-ol9_x86_64_appstream
nodejs-devel-22.23.1-1.module+el9.8.0+90947+d3e8e647.x86_64.rpm7dce422ec2eb7e2223a89d246018763ca3503deaeabf1112488093c3e2b3c779-ol9_x86_64_appstream
nodejs-docs-22.23.1-1.module+el9.8.0+90947+d3e8e647.noarch.rpm10612f627fbc824da390bb5651bd6c9eb38dcb2374ea5a583c944edd38b30ed5-ol9_x86_64_appstream
nodejs-full-i18n-22.23.1-1.module+el9.8.0+90947+d3e8e647.x86_64.rpmbf2777ee856cc8f5968b3c5a9a0a2bf463f2dca91e96297225a8de3838ece97d-ol9_x86_64_appstream
nodejs-libs-22.23.1-1.module+el9.8.0+90947+d3e8e647.x86_64.rpm4bc8802b26c20c50ad2ca280c79d977146cb672b0f0b36d9a14a7c098259d6d9-ol9_x86_64_appstream
nodejs-nodemon-3.0.1-1.module+el9.8.0+90947+d3e8e647.noarch.rpm585bcfc7eaab4c79c4a701bc2d8d0e17a39b997426547860ab06ab6a7b98dc65-ol9_x86_64_appstream
nodejs-packaging-2021.06-6.module+el9.8.0+90947+d3e8e647.noarch.rpme521f4e074ef3aa04b65998224e1564e80b7a5b0c76bb71731b8dd806a6f942b-ol9_x86_64_appstream
nodejs-packaging-bundler-2021.06-6.module+el9.8.0+90947+d3e8e647.noarch.rpm8befbd56ce9b26e12960f68515064ae2969cdd6c2fc25ea2c3c5c76fc48a1bd6-ol9_x86_64_appstream
npm-10.9.8-1.22.23.1.1.module+el9.8.0+90947+d3e8e647.x86_64.rpm40e27e8c70df17fbfb35e7e41db1c138192c2cf1e11411197e31384bf624b710-ol9_x86_64_appstream
v8-12.4-devel-12.4.254.21-1.22.23.1.1.module+el9.8.0+90947+d3e8e647.x86_64.rpm9748562f98977713778ba842cbfef1c27cc0049877bf2adcb5d6e50607714d9f-ol9_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete