Node.js Project Announces Critical Security Releases for December 2025
The Node.js project will release critical security updates for its 25.x, 24.x, 22.x, and 20.x lines on December 15, 2025, addressing multiple high, medium, and low-severity vulnerabilities. Users are advised to update promptly.
The Node.js project is preparing to release new versions for its 25.x, 24.x, 22.x, and 20.x release lines on or shortly after Monday, December 15, 2025. These releases are critical and will address several security vulnerabilities.
The upcoming security updates will resolve:
- Three high-severity issues
- One low-severity issue
- One medium-severity issue
Impact by Release Line:
- Node.js 25.x: Affected by three high-severity issues and one low-severity issue.
- Node.js 24.x: Affected by three high-severity issues, one low-severity issue, and one medium-severity issue.
- Node.js 22.x: Affected by three high-severity issues, one low-severity issue, and one medium-severity issue.
- Node.js 20.x: Affected by three high-severity issues, one low-severity issue, and one medium-severity issue.
It is crucial to note that End-of-Life (EOL) versions are inherently affected by security vulnerabilities and will not receive updates. To maintain the security of your systems, it is strongly recommended to use an up-to-date Node.js version, as detailed in the official Release Schedule.
Release Timing: These security releases are scheduled to be available on or shortly after Monday, December 15, 2025.
For commercial support regarding versions past the Maintenance LTS phase, please consult our OpenJS Ecosystem Sustainability Program partners.
Further Information and Updates:
- The current Node.js security policy can be found here.
- To report a vulnerability in Node.js, please follow the process outlined in the official SECURITY.md file.
- Stay informed about security vulnerabilities and related releases by subscribing to the low-volume, announcement-only nodejs-sec mailing list.