Node.js has released a security advisory warning users to update to the latest version to protect against a series of bugs.

The first vulnerability (CVE-2021-22931) is an improper handling of untypical characters in domain names, which opened the door to remote code execution (RCE), cross-site scripting (XSS) and application crashes.

A second vulnerability (CVE-2021-22939) is the incomplete validation of "rejectUnauthorized" parameter. Finally, a use-after-free flaw (CVE-2021-22940) could allow an attacker to exploit memory corruption to change process behavior.