isaacs — Vulnerabilities & Security Advisories (13)

Browse all 13 CVE security advisories affecting isaacs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Isaacs serves as a middleware component facilitating data integration and API connectivity between enterprise systems. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its 13 recorded CVEs. The platform's complex architecture and extensive third-party integrations have created attack surfaces where improper input validation and insecure deserialization have been recurrent problems. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities across multiple versions suggests ongoing challenges in secure coding practices and comprehensive testing protocols for this integration middleware.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-31802 | node-tar Symlink Path Traversal via Drive-Relative Linkpath | node-tar | CWE-22 | 7.5 (AI) | High (AI) | 2026-03-09 |
| CVE-2026-29786 | node-tar: Hardlink Path Traversal via Drive-Relative Linkpath | node-tar | CWE-22 | 7.5 | - | 2026-03-07 |
| CVE-2026-27904 | minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions | minimatch | CWE-1333 | 7.5 | High | 2026-02-26 |
| CVE-2026-27903 | minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments | minimatch | CWE-407 | 7.5 | High | 2026-02-26 |
| CVE-2026-26996 | minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern | minimatch | CWE-1333 | 7.5 | - | 2026-02-20 |
| CVE-2026-26960 | node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction | node-tar | CWE-22 | 7.1 | High | 2026-02-20 |
| CVE-2026-25547 | Uncontrolled Resource Consumption in @isaacs/brace-expansion | brace-expansion | CWE-1333 | 7.5 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-24842 | node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal | node-tar | CWE-22 | 8.2 | High | 2026-01-28 |
| CVE-2026-23950 | node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS | node-tar | CWE-176 | 8.8 | High | 2026-01-20 |
| CVE-2026-23745 | node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization | node-tar | CWE-22 | 9.1 | - | 2026-01-16 |
| CVE-2025-64756 | glob CLI: Command injection via -c/--cmd executes matches with shell:true | node-glob | CWE-78 | 7.5 | High | 2025-11-17 |
| CVE-2025-64118 | node-tar vulnerable to race condition leading to uninitialized memory exposure | node-tar | CWE-362 | 5.3 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2024-28863 | node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation | node-tar | CWE-400 | 6.5 | Medium | 2024-03-21 |

This page lists every published CVE security advisory associated with isaacs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.