The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
IEEE

Workload characterization of server-side JavaScript

Abstract: Recently, scripting languages are becoming popular as languages to develop server-side applications. Modern JavaScript compilers significantly optimize JavaScript code, but their main ...
Bleeping Computer

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue is tracked as CVE-2026-26956 and ...
heise online

Deno 2.7 sharpens Node.js compatibility and stabilizes Temporal

Version 2.7 of the runtime for JavaScript and TypeScript stabilizes the Temporal API, introduces npm overrides, and significantly improves Node.js compatibility. With Deno 2.7, the team releases an ...
Security Boulevard

CVE-2026-25639: Axios Vulnerability Triggers DoS in Node.js Applications

A newly disclosed vulnerability tracked as CVE-2026-25639 puts Node.js applications using Axios at risk of remote Denial-of-Service attacks. By sending a specially ...
CSOonline

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...
The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating ...
Bleeping Computer

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...
Security Boulevard

Top 15 Visual Studio Code Extensions for Node.js Development

Node.js continues to be a powerhouse for building scalable network applications, and in 2024, developers are leveraging Visual Studio Code more than ever to streamline their workflow. While VS Code ...
SecurityWeek

Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers

OPSWAT details two critical vulnerabilities in the Mongoose ODM library for MongoDB leading to remote code execution on the Node.js server. Two critical-severity vulnerabilities in the Mongoose Object ...
theregister

Critical flaws in Mongoose library expose MongoDB to data thieves, code execution

Security sleuths found two critical vulnerabilities in a third-party library that MongoDB relies on, which means bad guys can potentially steal data and run code. Mongoose is an Object Data Modeling ...
InfoWorld

What is TypeScript? Strongly typed JavaScript

TypeScript’s strong typing enables a variety of features that increase developer efficiency, especially when dealing with enterprise-scale codebases. TypeScript is compiled, rather than interpreted ...