4 matches found

NVD
added 2026/04/24 7:17 p.m., 1 view

CVE-2026-41907

uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0...

CVSS: 9.3, EPSS: 0.00019
Exploits: 1, References: 1
Vulnrichment
added 2026/04/24 6:9 p.m., 2 views

CVE-2026-41907 uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided

uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0...

CVSS: 9.3, AI score: 5.2, EPSS: 0.00019
Exploits: 1, References: 1
Positive Technologies
added 2026/04/24 12:0 a.m., 3 views

PT-2026-35061

Name of the Vulnerable Software and Affected Versions: uuid versions prior to 14.0.0. Description: The software used for creating RFC9562 (formerly RFC4122) UUIDs contains an issue where v3, v5, and v6 accept external output buffers but fail to reject out-of-range writes, such as those involving a sma...

CVSS: 9.3, AI score: 5.4, EPSS: 0.00019
Exploits: 1, References: 4
OSV
added 2026/04/22 8:53 p.m., 2 views

GHSA-W5HQ-G745-H8PQ uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Summary: The v3, v5, and v6 API methods (not uuid release versions) accept external output buffers but do not reject out-of-range writes (small buf or large offset). By contrast, v4, v1, and v7 API methods explicitly throw RangeError on invalid bounds. This inconsistency allows silent partial writes...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00019
Exploits: 1, References: 11