Title: Openssl vulnerabilities in node22 releases · Issue #63166 · nodejs/node · GitHub
Open Graph Title: Openssl vulnerabilities in node22 releases · Issue #63166 · nodejs/node
X Title: Openssl vulnerabilities in node22 releases · Issue #63166 · nodejs/node
Description: We are using node 22.22.1 (https://nodejs.org/en/download/archive/v22.22.1) and it has several CVEs related to openssl: https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://nvd.nist.gov/...
Open Graph Description: We are using node 22.22.1 (https://nodejs.org/en/download/archive/v22.22.1) and it has several CVEs related to openssl: https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://nvd.nist.gov/vuln/det...
X Description: We are using node 22.22.1 (https://nodejs.org/en/download/archive/v22.22.1) and it has several CVEs related to openssl: https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://nvd.nist.gov/vuln/det...
Opengraph URL: https://github.com/nodejs/node/issues/63166
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Openssl vulnerabilities in node22 releases","articleBody":"We are using node 22.22.1 (https://nodejs.org/en/download/archive/v22.22.1) and it has several CVEs related to openssl:\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31789\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31789\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28389\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28390\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31790\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28388\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28387\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2673\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28387\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28390\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28388\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28389\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31790\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2673\n\nWe tracked and upgraded to several minor releases for node 22, but no release adopted latest openssl that can fix above CVEs. Is there any specific reason why node is not upgrading the openssl version?\nAWS inspector is flagging all our images as vulnerable and asking to switch from 3.5.5 to 3.6.2.","author":{"url":"https://github.com/shindesayalip","@type":"Person","name":"shindesayalip"},"datePublished":"2026-05-07T11:52:04.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":2},"url":"https://github.com/63166/node/issues/63166"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:37239846-3403-b8e0-f9e1-5910ff396d1d |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | B226:35BB07:C5AF51:10C8967:6A4C56EA |
| html-safe-nonce | c8f9dcdb314172968579cbb9f143d10a9f6f4cfb8d088026a8ff0aae9c842a21 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJCMjI2OjM1QkIwNzpDNUFGNTE6MTBDODk2Nzo2QTRDNTZFQSIsInZpc2l0b3JfaWQiOiIyNzIzNDEyOTEyNzY4ODMzMjU4IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | cd4b601fa463e2bccab089824ee64a27dfd41dae19c845b5b6faa823952f5a22 |
| hovercard-subject-tag | issue:4398531353 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/nodejs/node/63166/issue_layout |
| twitter:image | https://opengraph.githubassets.com/ea22f47674796509f2e8671cd78cb719636d51b1eb38aaac732c104d2af3a725/nodejs/node/issues/63166 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/ea22f47674796509f2e8671cd78cb719636d51b1eb38aaac732c104d2af3a725/nodejs/node/issues/63166 |
| og:image:alt | We are using node 22.22.1 (https://nodejs.org/en/download/archive/v22.22.1) and it has several CVEs related to openssl: https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://nvd.nist.gov/vuln/det... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | shindesayalip |
| hostname | github.com |
| expected-hostname | github.com |
| None | 3d11bb817438277de2a940854450e83a7d32b6aeb5014e9e6b00a6423900251c |
| turbo-cache-control | no-preview |
| go-import | github.com/nodejs/node git https://github.com/nodejs/node.git |
| octolytics-dimension-user_id | 9950313 |
| octolytics-dimension-user_login | nodejs |
| octolytics-dimension-repository_id | 27193779 |
| octolytics-dimension-repository_nwo | nodejs/node |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 27193779 |
| octolytics-dimension-repository_network_root_nwo | nodejs/node |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 14099438da5379150f15a2892474c7c7e6c0e55e |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width