Register | Log in

node-ip-address

library for parsing IPv4 and IPv6 IP addresses in node and the browser

Choose email to subscribe with

general

source: node-ip-address (main)
version: 8.1.0-3
maintainer: Debian Javascript Maintainers (archive) (DMD)
uploaders: Yadd [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 6.4.0-1
oldstable: 8.1.0-2
stable: 8.1.0-2
testing: 8.1.0-3
unstable: 8.1.0-3

versioned links

6.4.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.1.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.1.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

node-ip-address

action needed

A new upstream version is available: 10.0.1 high

A new upstream version 10.0.1 is available, you should consider packaging it.

Created: 2025-11-27 Last update: 2026-05-16 16:00

Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high

vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

fatal: missing blob object '648fa17f2e49299a3dc0950269146b27154e869f' error: remote did not send all necessary objects Auto packing the repository in background for optimum performance. See 'git help gc' for manual housekeeping. warning: The last gc run reported the following. Please correct the root cause and remove gc.log Automatic cleanup will not be performed until the file is removed. warning: Failed to write bitmap index. Packfile doesn't have full closure (object e543841644969edccb86675b1e6819cbf6276581 is missing) fatal: failed to write bitmap index fatal: failed to run repack

Created: 2026-05-16 Last update: 2026-05-16 15:03

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2026-42338: ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error's parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.

Created: 2026-05-15 Last update: 2026-05-15 15:46

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-42338: ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error's parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.

Created: 2026-05-15 Last update: 2026-05-15 15:46

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-42338: ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error's parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.

Created: 2026-05-15 Last update: 2026-05-15 15:46

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2026-42338: ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error's parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.

Created: 2026-05-15 Last update: 2026-05-15 15:46

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2026-42338: ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error's parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.

Created: 2026-05-15 Last update: 2026-05-15 15:46

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

node-ip-address could be marked Multi-Arch: foreign

Created: 2025-12-31 Last update: 2026-05-16 14:00

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2026-04-10 Last update: 2026-04-10 18:02

debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 8.1.0-3 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-10-10 21:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).

Created: 2025-12-23 Last update: 2026-03-31 15:01

news

[2026-05-16] Accepted node-ip-address 10.2.0-1 (source) into experimental (Xavier Guimard)
[2025-10-12] node-ip-address 8.1.0-3 MIGRATED to testing (Debian testing watch)
[2025-10-10] Accepted node-ip-address 8.1.0-3 (source) into unstable (Santiago Vila)
[2021-11-21] node-ip-address 8.1.0-2 MIGRATED to testing (Debian testing watch)
[2021-11-17] Accepted node-ip-address 8.1.0-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2021-11-16] Accepted node-ip-address 8.1.0-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2020-09-19] node-ip-address 6.4.0-1 MIGRATED to testing (Debian testing watch)
[2020-09-17] Accepted node-ip-address 6.4.0-1 (source) into unstable (Andrius Merkys)
[2020-04-12] node-ip-address 6.3.0-2 MIGRATED to testing (Debian testing watch)
[2020-04-10] Accepted node-ip-address 6.3.0-2 (source) into unstable (Andrius Merkys)
[2020-04-09] Accepted node-ip-address 6.3.0-1 (source all) into unstable, unstable (Debian FTP Masters) (signed by: Andrius Merkys)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 8.1.0-3

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing