Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package yauzl, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (1)
CVE-2026-31988 — CVSS 5.3 (medium): yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field…