Hi ,
could you please take a look into this:
CVE-2005-2541 | MEDIUM REDHAT: https://nvd.nist.gov/vuln/detail/CVE-2005-2541 “This is the documented and expected behaviour of tar.”
CVE-2025-64118 | MEDIUM => isaacs/node-tar#445 (filed Oct 25), fixed in 7.5.2 on Oct 31st, 2025
CVE-2026-25679 | HIGH => https://go.dev/issue/77578 (filed Feb 12th) Release of Trident 26.02.0 : Feb 27, 2026
CVE-2026-27142 | MEDIUM => https://go.dev/issue/77954 (filed Mar 4th – too late to include)
CVE-2026-32280 | HIGH => golang/go#78282 (filed in March, crypto/x509)
CVE-2026-32281 | MEDIUM => golang/go#78281 (filed in March, crypto/x509)
CVE-2026-32288 | MEDIUM => golang/go#78301 (filed in March, archive/tar)
CVE-2026-32289 | MEDIUM => golang/go#78331 (filed in March, html/template)
CVE-2026-33056 | MEDIUM => GHSA-j4xf-2g29-59ph (Mar 19, tsr/rs)
CVE-2026-33186 | CRITICAL => GHSA-p77j-4mvh-x3m3 (Mar 18, grpc-go)
CVE-2026-4046 | MEDIUM => Bugzilla https://sourceware.org/bugzilla/show_bug.cgi?id=33980 , reported Mar 12, fixed Apr 19th (IBM1390/1399 encoding)
CVE-2026-4437 | MEDIUM => Bugzilla https://sourceware.org/bugzilla/show_bug.cgi?id=34014 , reported Mar 20, fixed Mar 30th (DNS)
CVE-2026-5704 | MEDIUM => Bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=2455360, reported April 6th (tar issue)
Hi ,
could you please take a look into this: