node-tar — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in node-tar, with AI-generated Chinese analysis, references, and POCs.

Vendor: npm

CVE ID	Title	CVSS	Severity	Paused
CVE-2026-31802	node-tar Symlink Path Traversal via Drive-Relative Linkpath CWE-22	7.5^AI	High^AI	2026-03-09
CVE-2026-29786	node-tar: Hardlink Path Traversal via Drive-Relative Linkpath CWE-22	7.5	-	2026-03-07
CVE-2026-26960	node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction CWE-22	7.1	High	2026-02-20
CVE-2026-24842	node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal CWE-22	8.2	High	2026-01-28
CVE-2026-23950	node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS CWE-176	8.8	High	2026-01-20
CVE-2026-23745	node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization CWE-22	9.1	-	2026-01-16
CVE-2025-64118	node-tar vulnerable to race condition leading to uninitialized memory exposure CWE-362	5.3^AI	Medium^AI	2025-10-30
CVE-2024-28863	node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation CWE-400	6.5	Medium	2024-03-21
CVE-2021-37713	Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization CWE-22	8.2	High	2021-08-31
CVE-2021-37701	Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links CWE-22	8.2	High	2021-08-31
CVE-2021-37712	Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links CWE-22	8.2	High	2021-08-31
CVE-2021-32804	Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization CWE-22	8.2	High	2021-08-03
CVE-2021-32803	Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning CWE-22	8.2	High	2021-08-03

All 13 known CVE vulnerabilities affecting node-tar with full Chinese analysis, references, and POCs where available.