
Byte Open Security

(ByteOS Network)


Seal Security

#22e2d327-25fe-45d7-9f0c-dcd23b7108df

Short Name

seal

Program Role

CNA

Top Level Root

MITRE Corporation

Domain

sealsecurity.io

Country

USA

Scope

Vulnerabilities in Seal products or services and vulnerabilities discovered in open source libraries unless covered by the scope of another CNA.
3 Vulnerabilities found

CVE-2026-13149
Assigner-Seal Security
CVSS Score-7.7 (HIGH)
EPSS-0.36% / 28.08%
7 Day CHG~0.00%
Published-30 Jun, 2026 | 08:30
Updated-30 Jun, 2026 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An attacker who passes a crafted string to expand(), directly or transitively, can cause significant CPU consumption and event-loop blocking. The max option does not mitigate this, as it bounds the output size rather than the recursion work.

Action-Not Available
Vendor-juliangruber
Product-brace-expansion
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2026-45822
Assigner-Seal Security
CVSS Score-6.6 (MEDIUM)
EPSS-0.30% / 22.19%
7 Day CHG~0.00%
Published-30 Jun, 2026 | 08:05
Updated-30 Jun, 2026 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%', producing N tokens, and calls decodeComponents(), exhibiting super-linear parsing time: 200 '%ab' tokens take approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input.

Action-Not Available
Vendor-SamVerschueren
Product-decode-uri-component
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2024-12905
Assigner-Seal Security
CVSS Score-7.5 (HIGH)
EPSS-2.19% / 80.21%
7 Day CHG+0.08%
Published-27 Mar, 2025 | 16:25
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") vulnerability. It occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.

Action-Not Available
Vendor-
Product-
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')