Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.

The Node.js Blog offers developers insights into Node.js runtime, JavaScript ecosystem, and server-side development. Developers can learn about asynchronous programming, event-driven architecture, and building scalable web applications with Node.js, as well as explore updates, releases, and best practices from the Node.js community.

Node.js

The OpenSSL project released 12 CVEs in January 2026, with three affecting Node.js at Low to Moderate severity. All three vulnerabilities relate to PFX (PKCS#12) certificate file processing used in TLS configuration. CVE-2025-11187 (Moderate) affects v22.x and later with OpenSSL 3.5.4, while CVE-2025-69421 and CVE-2026-22795 (both Low) affect all Node.js branches. The limited attack surface means fixes will be included in regular releases rather than dedicated security releases. Nine other CVEs do not affect Node.js due to unused APIs or disabled features.

Node.js — OpenSSL Security Advisory Assessment, January 2026