[Git][security-tracker-team/security-tracker][master] Add CVE-2026-33228/node-flatted

Sat Mar 21 08:37:18 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
959a3718 by Salvatore Bonaccorso at 2026-03-21T09:36:09+01:00
Add CVE-2026-33228/node-flatted

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -145,7 +145,9 @@ CVE-2026-33230 (NLTK (Natural Language Toolkit) is a suite of open source Python
 	NOTE: https://github.com/nltk/nltk/security/advisories/GHSA-gfwx-w7gr-fvh7
 	NOTE: https://github.com/nltk/nltk/commit/1c3f799607eeb088cab2491dcf806ae83c29ad8f
 CVE-2026-33228 (flatted is a circular JSON parser. Prior to version 3.4.2, the parse() ...)
-	TODO: check
+	- node-flatted <unfixed>
+	NOTE: https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh
+	NOTE: Fixed by: https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802 (v3.4.2)
 CVE-2026-33226 (Budibase is a low code platform for creating internal tools, workflows ...)
 	NOT-FOR-US: Budibase
 CVE-2026-33221 (Nhost is an open source Firebase alternative with GraphQL. Prior to ve ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/959a371865ab79dc3158a11c2905ba001b987c68

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/959a371865ab79dc3158a11c2905ba001b987c68
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260321/b432a06a/attachment.htm>
