Known Vulnerabilities for Sdk-node by @opentelemetry
Listed below are 10 of the newest known vulnerabilities associated with "Sdk-node" by "@opentelemetry".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-59892 json | OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes inc... | Not Provided | 2026-07-08 | 2026-07-08 |
| CVE-2026-59875 json | node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path ... | Not Provided | 2026-07-08 | 2026-07-09 |
| CVE-2026-59874 json | node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header ... | Not Provided | 2026-07-08 | 2026-07-08 |
| CVE-2026-59873 json | node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on t... | Not Provided | 2026-07-08 | 2026-07-08 |
| CVE-2026-59871 json | node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath... | Not Provided | 2026-07-08 | 2026-07-08 |
| CVE-2026-59817 json | Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an una... | Not Provided | 2026-07-09 | 2026-07-09 |
| CVE-2026-59257 json | n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v... | Not Provided | 2026-07-08 | 2026-07-09 |
| CVE-2026-59209 json | n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-... | Not Provided | 2026-07-09 | 2026-07-09 |
| CVE-2026-58579 json | RAGFlow before 0.26.3 stores an agent pipeline (DSL) node name without sanitization: the agent update endpoint normalizes the... | Not Provided | 2026-07-02 | 2026-07-06 |
| CVE-2026-58578 json | LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service (ReDoS) vulnerability that allows au... | Not Provided | 2026-07-02 | 2026-07-07 |