Node.js dexie module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the Dexie.setByKeyPath(obj, keyPath, value) function. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Node.js sqlite3 module is vulnerable to a denial of service, caused by improper input validation by the toString function. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause the V8 engine to crash, and results in a denial of service condition.
Upgrade to the latest version of Node.js, available from the Node.js Website.