HIGH
Uuidjs
CVE published 2026-04-24
CVE-2026-41907
CVE-2026-41907 affects the uuidjs/uuid package used in Node.js. According to the vendor advisory and NVD, versions prior to 14.0.0 do not properly reject out-of-range writes when v3, v5, or v6 are given external output buffers, which can lead to silent partial writes into caller-provided memory. The issue was published on 2026-04-24 and updated on 2026-05-11. The fix is in 14.0.0.