4 matches found
ROOT-APP-NPM-CVE-2026-31988 CVE-2026-31988 in @rootio/yauzl - Patched by Root
Root has patched CVE-2026-31988 in the @rootio/yauzl package for Root:npm. Multiple fixed versions available...
CVE-2026-31988 vulnerabilities
Vulnerabilities for packages: gemini-cli, kibana, langfuse, opensearch-dashboards, opensearch-dashboards-fips, foxx-cli, langfuse-fips, renovate, code-server, librechat...
SUSE CVE-2026-31988
yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...
CVE-2026-31988
creationtimestamp| type| source ---|---|--- 2026-03-11 22:16:00+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-31988...