| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-24842 | node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal | isaacs | node-tar | High | 8.2 | 2026-01-28 00:20:13 | Deep Dive |
| CVE-2026-21636 | Node.js 安全漏洞 | nodejs | node | 中危 | - | 2026-01-20 20:41:56 | Deep Dive |
| CVE-2025-55131 | Node.js 安全漏洞 | nodejs | node | - | - | 2026-01-20 20:41:56 | Deep Dive |
| CVE-2025-55132 | Node.js 安全漏洞 | nodejs | node | 低危 | - | 2026-01-20 20:41:56 | Deep Dive |
| CVE-2025-59464 | Node.js 安全漏洞 | nodejs | node | 中危 | - | 2026-01-20 20:41:56 | Deep Dive |
| CVE-2025-59466 | Node.js 安全漏洞 | nodejs | node | 中危 | - | 2026-01-20 20:41:56 | Deep Dive |
| CVE-2026-21637 | Node.js 安全漏洞 | nodejs | node | 中危 | - | 2026-01-20 20:41:55 | Deep Dive |
| CVE-2025-55130 | Node.js 安全漏洞 | nodejs | node | - | - | 2026-01-20 20:41:55 | Deep Dive |
| CVE-2025-59465 | Node.js 安全漏洞 | nodejs | node | - | - | 2026-01-20 20:41:55 | Deep Dive |
| CVE-2026-22844 | Zoom Node Deployments - Command Injection | Zoom Communications Inc. | Zoom Node | Critical | 9.9 | 2026-01-20 13:57:45 | Deep Dive |
| CVE-2026-23950 | node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS | isaacs | node-tar | High | 8.8 | 2026-01-20 00:40:49 | Deep Dive |
| CVE-2026-23745 | node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization | isaacs | node-tar | 中危 | - | 2026-01-16 22:00:09 | Deep Dive |
| CVE-2025-54369 | Node-SAML SAML Authentication Bypass | node-saml | node-saml | 超危 | - | 2025-12-12 23:03:52 | Deep Dive |
| CVE-2025-65945 | auth0/node-jws improper HMAC signature verification vulnerability | auth0 | node-jws | High | 7.5 | 2025-12-04 18:45:38 | Deep Dive |
| CVE-2025-12816 | CVE-2025-12816 | Digital Bazaar | node-forge | - | - | 2025-11-25 19:15:50 | Deep Dive |
| CVE-2025-64756 | glob CLI: Command injection via -c/--cmd executes matches with shell:true | isaacs | node-glob | High | 7.5 | 2025-11-17 17:29:08 | Deep Dive |
| CVE-2025-64118 | node-tar vulnerable to race condition leading to uninitialized memory exposure | isaacs | node-tar | - | - | 2025-10-30 17:50:20 | Deep Dive |
| CVE-2025-11149 | node-static 安全漏洞 | - | node-static | High | 7.5 | 2025-09-30 05:00:08 | Deep Dive |
| CVE-2025-59331 | is-arrayish@0.3.3 contains malware after npm account takeover | Qix- | node-is-arrayish | - | - | 2025-09-15 19:21:30 | Deep Dive |
| CVE-2025-59330 | error-ex@1.3.3 contains malware after npm account takeover | Qix- | node-error-ex | - | - | 2025-09-15 19:19:22 | Deep Dive |