isaacs — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting isaacs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-31802 | node-tar Symlink Path Traversal via Drive-Relative Linkpath — node-tar, CWE-22 | 7.5 (AI) | High (AI) | 2026-03-09 |
| CVE-2026-29786 | node-tar: Hardlink Path Traversal via Drive-Relative Linkpath — node-tar, CWE-22 | 7.5 | - | 2026-03-07 |
| CVE-2026-27904 | minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions — minimatch, CWE-1333 | 7.5 | High | 2026-02-26 |
| CVE-2026-27903 | minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments — minimatch, CWE-407 | 7.5 | High | 2026-02-26 |
| CVE-2026-26996 | minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern — minimatch, CWE-1333 | 7.5 | - | 2026-02-20 |
| CVE-2026-26960 | node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction — node-tar, CWE-22 | 7.1 | High | 2026-02-20 |
| CVE-2026-25547 | Uncontrolled Resource Consumption in @isaacs/brace-expansion — brace-expansion, CWE-1333 | 7.5 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-24842 | node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal — node-tar, CWE-22 | 8.2 | High | 2026-01-28 |
| CVE-2026-23950 | node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS — node-tar, CWE-176 | 8.8 | High | 2026-01-20 |
| CVE-2026-23745 | node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization — node-tar, CWE-22 | 9.1 | - | 2026-01-16 |
| CVE-2025-64756 | glob CLI: Command injection via -c/--cmd executes matches with shell:true — node-glob, CWE-78 | 7.5 | High | 2025-11-17 |
| CVE-2025-64118 | node-tar vulnerable to race condition leading to uninitialized memory exposure — node-tar, CWE-362 | 5.3 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2024-28863 | node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation — node-tar, CWE-400 | 6.5 | Medium | 2024-03-21 |

This page lists every published CVE security advisory associated with isaacs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.