| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32288 | Unbounded allocation for old GNU sparse in archive/tar | Go standard library | archive/tar | - | - | 2026-04-08 01:06:57 | Deep Dive |
| CVE-2026-33056 | tar-rs: unpack_in can chmod arbitrary directories by following symlinks | alexcrichton | tar-rs | Medium | - | 2026-03-20 07:11:10 | Deep Dive |
| CVE-2026-33055 | tar-rs incorrectly ignores PAX size headers if header size is nonzero | alexcrichton | tar-rs | Medium | - | 2026-03-20 07:06:08 | Deep Dive |
| CVE-2026-32766 | astral-tokio-tar insufficiently validates PAX extensions during extraction | astral-sh | tokio-tar | Low | - | 2026-03-20 00:07:36 | Deep Dive |
| CVE-2026-31802 | node-tar Symlink Path Traversal via Drive-Relative Linkpath | isaacs | node-tar | - | - | 2026-03-09 21:11:57 | Deep Dive |
| CVE-2026-29786 | node-tar: Hardlink Path Traversal via Drive-Relative Linkpath | isaacs | node-tar | Medium | - | 2026-03-07 15:32:23 | Deep Dive |
| CVE-2026-26960 | node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction | isaacs | node-tar | High | 7.1 | 2026-02-20 01:07:53 | Deep Dive |
| CVE-2026-24842 | node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal | isaacs | node-tar | High | 8.2 | 2026-01-28 00:20:13 | Deep Dive |
| CVE-2026-23950 | node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS | isaacs | node-tar | High | 8.8 | 2026-01-20 00:40:49 | Deep Dive |
| CVE-2026-23745 | node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization | isaacs | node-tar | Medium | - | 2026-01-16 22:00:09 | Deep Dive |
| CVE-2025-64118 | node-tar vulnerable to race condition leading to uninitialized memory exposure | isaacs | node-tar | - | - | 2025-10-30 17:50:20 | Deep Dive |
| CVE-2025-58183 | Unbounded allocation when parsing GNU sparse map in archive/tar | Go standard library | archive/tar | - | - | 2025-10-29 22:10:14 | Deep Dive |
| CVE-2025-62518 | astral-tokio-tar Vulnerable to PAX Header Desynchronization | astral-sh | tokio-tar | High | 8.1 | 2025-10-21 16:13:03 | Deep Dive |
| CVE-2025-59343 | tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball | mafintosh | tar-fs | - | - | 2025-09-24 17:43:35 | Deep Dive |
| CVE-2025-59825 | astral-tokio-tar has a path traversal in tar extraction | astral-sh | tokio-tar | Medium | - | 2025-09-23 20:00:44 | Deep Dive |
| CVE-2025-45582 | GNU Tar security vulnerability | GNU | Tar | Medium | 4.1 | 2025-07-11 00:00:00 | Deep Dive |
| CVE-2025-48387 | tar-fs has issue where extract can write outside the specified dir with a specific tarball | mafintosh | tar-fs | High | - | 2025-06-02 19:20:18 | Deep Dive |
| CVE-2024-28863 | node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation | isaacs | node-tar | Medium | 6.5 | 2024-03-21 22:10:24 | Deep Dive |
| CVE-2020-36566 | Path traversal in github.com/whyrusleeping/tar-utils | github.com/whyrusleeping/tar-utils | github.com/whyrusleeping/tar-utils | Critical | - | 2022-12-27 21:13:44 | Deep Dive |
| CVE-2022-2879 | Unbounded memory consumption when reading headers in archive/tar | Go standard library | archive/tar | High | - | 2022-10-14 00:00:00 | Deep Dive |