New security releases to be made available Wednesday, January 7, 2026
Commercial support for versions past the Maintenance LTS phase is available through our OpenJS Ecosystem Sustainability Program partners

Wednesday, January 7, 2026 Security Releases

TNJP

The Node.js Project

(Update 17-Dec-2025) Security Release target January 7th

We have decided to delay the release further to Wednesday, January 7th, 2026. Many of the downstream projects and users are on holiday break at the end of the year, and the security release will disclose the vulnerabilities being fixed as soon as the patches are available. We want to make sure that most users are no longer on holiday when they evaluate whether they are affected and need to perform time-sensitive upgrades.

(Update 15-Dec-2025) Security Release target December 18th

The team is still working on a particularly challenging patch, for this reason the release is being postponed to Thursday, December 18th or shortly after.

Summary

The Node.js project will release new versions of the 25.x, 24.x, 22.x, 20.x releases lines on or shortly after, Monday, December 15, 2025 in order to address:

  • 3 high severity issues.
  • 1 low severity issue.
  • 1 medium severity issue.

Impact

The 25.x release line of Node.js is vulnerable to 3 high severity issues, 1 low severity issue. The 24.x release line of Node.js is vulnerable to 3 high severity issues, 1 low severity issue, 1 medium severity issue. The 22.x release line of Node.js is vulnerable to 3 high severity issues, 1 low severity issue, 1 medium severity issue. The 20.x release line of Node.js is vulnerable to 3 high severity issues, 1 low severity issue, 1 medium severity issue.

It's important to note that End-of-Life versions are always affected when a security release occurs. To ensure your system's security, please use an up-to-date version as outlined in our Release Schedule.

Release timing

Releases will be available on, or shortly after, Monday, December 15, 2025.

Contact and future updates

The current Node.js security policy can be found at https://nodejs.org/en/security/. Please follow the process outlined in https://github.com/nodejs/node/blob/master/SECURITY.md if you wish to report a vulnerability in Node.js.

Subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.

NextTuesday, July 15, 2025 Security Releases
Last Updated
Dec 08, 2025
Reading Time
2 min
Contribute
Edit this page
Table of Contents
  1. (Update 17-Dec-2025) Security Release target January 7th
  2. (Update 15-Dec-2025) Security Release target December 18th
  3. Impact
  4. Release timing
  5. Contact and future updates