Browse all 5 CVE security advisories affecting astral-sh. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32766 | astral-tokio-tar insufficiently validates PAX extensions during extraction — tokio-tar (CWE-436) | 9.1 | - | 2026-03-20 |
| CVE-2025-13327 | Uv: uv: specially crafted zip archives lead to arbitrary code execution due to parsing differentials — uv (CWE-1286) | 6.3 | Medium | 2026-02-27 |
| CVE-2025-62518 | astral-tokio-tar Vulnerable to PAX Header Desynchronization — tokio-tar (CWE-843) | 8.1 | High | 2025-10-21 |
| CVE-2025-59825 | astral-tokio-tar has a path traversal in tar extraction — tokio-tar (CWE-22) | 7.5 | - | 2025-09-23 |
| CVE-2025-54368 | uv is vulnerable to ZIP payload obfuscation through parsing differentials — uv (CWE-436) | 9.1 | - | 2025-08-08 |

This page lists every published CVE security advisory associated with astral-sh. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.