A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.
How-To Geek on MSN
Node 25.4.0 solves the import require mess and adds more features
The update smooths out mixed module workflows.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results