Search CVE reports


Toggle filters

321 – 330 of 42760 results

Status is adjusted based on your filters.


CVE-2026-59875

Medium priority
Needs evaluation

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open...

1 affected package

node-tar

Package 20.04 LTS
node-tar Needs evaluation
Show less packages

CVE-2026-59874

Medium priority
Needs evaluation

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while...

1 affected package

node-tar

Package 20.04 LTS
node-tar Needs evaluation
Show less packages

CVE-2026-59873

Medium priority
Needs evaluation

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as...

1 affected package

node-tar

Package 20.04 LTS
node-tar Needs evaluation
Show less packages

CVE-2026-59871

Medium priority
Needs evaluation

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such...

1 affected package

node-tar

Package 20.04 LTS
node-tar Needs evaluation
Show less packages

CVE-2026-59870

Medium priority
Needs evaluation

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on every insertion,...

1 affected package

node-js-yaml

Package 20.04 LTS
node-js-yaml Needs evaluation
Show less packages

CVE-2026-59869

Medium priority
Needs evaluation

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys...

1 affected package

node-js-yaml

Package 20.04 LTS
node-js-yaml Needs evaluation
Show less packages

CVE-2026-59868

Medium priority
Needs evaluation

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys...

1 affected package

node-js-yaml

Package 20.04 LTS
node-js-yaml Needs evaluation
Show less packages

CVE-2026-49147

Medium priority
Needs evaluation

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences,...

1 affected package

ack

Package 20.04 LTS
ack Needs evaluation
Show less packages

CVE-2026-49146

Medium priority
Needs evaluation

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options....

1 affected package

ack

Package 20.04 LTS
ack Needs evaluation
Show less packages

CVE-2026-49145

Medium priority
Needs evaluation

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source...

1 affected package

ack

Package 20.04 LTS
ack Needs evaluation
Show less packages