Security Advisories

CGA-fg89-rq7v-4q6q

Published

Last updated

https://images.chainguard.dev/security/CGA-fg89-rq7v-4q6q
Package

renovate

Repository

Wolfi
Latest Update
Pending upstream fix
Aliases
  • CVE-2025-64118
  • GHSA-29xp-372q-xqph

Severity

Unknown

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-64118

Updates

Status

Pending upstream fix

Impact

The tar in the renovate package is brought in as a transitive dependency of npm 11.6.2. npm still pins tar to 7.5.1 in its latest version, so we will have to wait for npm to bump its dependency and for renovate to pin the new npm version after it is released.

Status

Under investigation

Status

Fixed

Fixed version

41.169.3-r0

Status

Under investigation

