Over the last few weeks several security updates have been released for Node.js.
OpenSSL – Various updates fix OpenSSL bugs and apply to most versions of Node.js from V0.10.
DoS – The next update fixes a DoS (denial of service) vulnerability for versions v0.12 to v5. An attacker could cause the HTTP Socket to shut down. This is critical severity. Reference: CVE-2015-8027.
V8 Out-of-bounds access – This bug is with the V8 engines JSON implementation. Under certain circumstances, the severity is rated as high.
Node.js recommend all users upgrade ASAP. If you’ve already got a version/upgrade since the 4th December 2015, you can relax. If not, you should arrange to upgrade soon.