{"vulnerability": "cve-2026-5987", "sightings": [{"uuid": "c3949630-920c-4acc-bfb1-3f0c3d049479", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59873", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq5kohrtec2b", "content": "CVE-2026-59873 - node-tar\nA maliciously crafted file can cause a Node.js application that uses node-tar to run out of disk space and consume excessive CPU resources. This can happen when a user downloads a\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#nodetar #isaacs #CVE #infosec", "creation_timestamp": "2026-07-08T16:40:05.787019Z"}, {"uuid": "7ce6f458-d274-4d94-9edf-c66a1929426a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59873", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq5ob632iw2e", "content": "CVE-2026-59873 - node-tar: Decompression/parse DoS via unlimited input\nCVE ID : CVE-2026-59873\n \n Published : July 8, 2026, 4:16 p.m. | 58\u00a0minutes ago\n \n Description : node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard u...", "creation_timestamp": "2026-07-08T17:44:14.242846Z"}, {"uuid": "1f425092-e76c-4567-a6c2-e4c19a5ed0ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59874", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq5opkl5622x", "content": "CVE-2026-59874 - node-tar: Negative tar entry size causes infinite loop in archive replace\nCVE ID : CVE-2026-59874\n \n Published : July 8, 2026, 4:16 p.m. | 58\u00a0minutes ago\n \n Description : node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace ...", "creation_timestamp": "2026-07-08T17:52:19.887016Z"}, {"uuid": "6320c2d3-230d-4c55-a720-6b43c73cc5bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59879", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq63ma3dqe2i", "content": "CVE-2026-59879 - Immutable.js `List` 32-bit trie overflow \u2192 unrecoverable DoS\nCVE ID : CVE-2026-59879\n \n Published : July 8, 2026, 5:17 p.m. | 3\u00a0hours, 57\u00a0minutes ago\n \n Description : Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Li...", "creation_timestamp": "2026-07-08T21:43:06.912728Z"}, {"uuid": "75d5db75-5055-4da3-b8f4-0ae187fb334a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59873", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqdqd5m7ne2l", "content": "\ud83d\udccc CVE-2026-59873 - node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, e... https://www.cyberhub.blog/cves/CVE-2026-59873", "creation_timestamp": "2026-07-11T03:37:07.250009Z"}, {"uuid": "cb56de77-75c0-4d11-8cad-d2f0c120599a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59879", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqe7fxgexo2n", "content": "\ud83d\udccc CVE-2026-59879 - Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List#set, List#setSize, List#setIn, List#updateIn, and the ... https://www.cyberhub.blog/cves/CVE-2026-59879", "creation_timestamp": "2026-07-11T08:07:07.789686Z"}, {"uuid": "3a480704-782e-4e06-a340-ca5fe4d17f36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59874", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqecrablfk2f", "content": "\ud83d\udccc CVE-2026-59874 - node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 ... https://www.cyberhub.blog/cves/CVE-2026-59874", "creation_timestamp": "2026-07-11T09:07:08.220120Z"}]}