VYPR

apk package

chainguard/actions-runner-compat

pkg:apk/chainguard/actions-runner-compat

Vulnerabilities (1)

  • CVE-2025-64118MedOct 30, 2025
    affected < 0fixed 0

    node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.