Node.js released updates fixing a critical DoS flaw caused by async_hooks stack crashes, tracked as CVE-2025-59466, impacting ...

修复措施检测栈溢出错误并将其重新抛给用户代码，而不是将其视为致命错误。该漏洞被追踪为CVE-2025-59466（CVSS评分：7.5）。尽管具有重大的实际影响，但Node.js表示由于以下几个原因，他们将此修复仅视为缓解措施： ...

Several security vulnerabilities, some classified as high-risk, have been discovered in the popular JavaScript runtime ...

2026年1月13日，Node.js官方发布紧急安全更新，修复多个活跃版本中的7个中高危漏洞，涵盖内存泄漏、拒绝服务（DoS）和权限绕过等风险。官方敦促受影响系统立即升级。

Finding the right talent in the tech industry is rarely a simple task, but sourcing high-quality Node.js developers can feel ...

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not ...

InvisibleJS是一款利用不可见零宽度Unicode字符隐藏JavaScript代码的新型开源工具，其潜在恶意用途已引发安全警报。该工具由开发者oscarmine托管在GitHub上，采用隐写术技术将源代码嵌入看似空白的文件中。 工作原理 ...

The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that ...

A jsPDF vulnerability tracked as CVE-2025-68428 could allow attackers to read arbitrary files, exposing configurations and ...

The key themes that defined the year behind us will also shape the one ahead. The most-read articles of 2025 tracked a return ...

A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are ...