# Node.js / npm ecosystem

# glob CLI command injection (CVE-2025-64756)
# Only affects glob -c/--cmd; we only use glob as a library in Vite/SvelteKit.
CVE-2025-64756

# Go stdlib false positives in esbuild binary
# esbuild doesn't use the vulnerable archive/tar or crypto/x509 paths in a way that's exploitable.
CVE-2025-58183
CVE-2025-61729

# Additional Go stdlib findings in embedded binaries
# These are from bundled toolchain/binary context, not executable paths used by the app runtime.
CVE-2025-68121
CVE-2025-61726
CVE-2025-61728

# jaraco.context Has a Path Traversal Vulnerability Fixed via setuptools
GHSA-58pv-8j8x-9vj2
CVE-2026-23949
CVE-2026-24049