4 matches found
ROOT-APP-NPM-CVE-2026-31802 CVE-2026-31802 in @rootio/tar - Patched by Root
Root has patched CVE-2026-31802 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
CVE-2026-31802 vulnerabilities
Vulnerabilities for packages: lerna, pnpm-stage0, node-gyp, renovate, sqlpad, tileserver-gl, pulumi, py3-jupyterlab, saf, kubeflow-centraldashboard...
org.webjars.npm:canvas (>=2.5.0 <=2.6.0), org.webjars.npm:color-thief (=2.2.5) +12 more potentially affected by CVE-2026-31802 via org.webjars.npm:tar (>=0.1.20 <=4.4.19)
org.webjars.npm:tar MAVEN version =0.1.20, =2.5.0, =0.97.5, =0.2.0, =3.4.0, =0.6.19, =2.0.0, =3.1.4, =3.4.1 - org.webjars.npm:tar.gz =1.0.7 Source cves: CVE-2026-31802 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15456202...
CVE-2026-31802
creationtimestamp| type| source ---|---|--- 2026-03-09 05:53:24+00:00| published-proof-of-concept| https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/ 2026-03-29 00:00:04+00:00|...