tar
297 known vulnerabilities · 2 critical · 12 high
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Denial of service while parsing a tar file due to lack of folders count validation
Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS
Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
node-tar has a race condition leading to uninitialized memory exposure
OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
Malicious code in elf-stats-silvered-star-676 (npm)
OpenClaw's config env vars allowed startup env injection into service runtime
OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing
Claude Code can execute commands prior to the startup trust dialog
OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config
Malicious code in starbuckssystem.website (npm)
Malicious code in @tanstack/eslint-plugin-start (npm)
Malicious code in @tanstack/vue-start-server (npm)
tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability
OpenClaw: Zalo replay dedupe cache could suppress events across authenticated webhook targets
Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker
tarteaucitron.js allows prototype pollution via custom text injection
OpenClaw: Zalo webhook replay cache cross-target messageId scope bypass
nanotar is vulnerable to path traversal in parseTar() and parseTarGzip()
Malicious code in @freestarcapital/collector-pipeline (npm)
PsiTransfer has Zip Slip Path Traversal via TAR Archive Download
Malicious code in material-start (npm)
Malicious code in @apple-pay-trust/start (npm)
OpenClaw hardened the skill download target directory validation
tarteaucitron.js allows url scheme injection via unfiltered inputs
Malicious code in ts-jest-starter-kit (npm)
Malicious code in vistar-ad-clienttestadv3 (npm)
OpenClaw's avatar symlink traversal can expose out-of-workspace local files
Malicious code in @leviyuan/lodestar (npm)
Malicious code in @service-suppliers/set_suppliers_loading_start (npm)
Malicious code in starlink2 (npm)
Malicious code in astar-portal-test-depconf (npm)
Malicious code in gtarc-fs (npm)
Malicious code in @posthog/gitub-star-sync-plugin (npm)
Vite has a `server.fs.deny` bypass with an invalid `request-target`
Malicious code in wf-kyt-starter (npm)
Malicious code in wf-kyt-starter-universal (npm)
tar-fs can extract outside the specified dir with a specific tarball
Duplicate Advisory: OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host
Malicious code in astar-portal (npm)
OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup
Malicious code in world-id-onchain-starter (npm)
OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets
Malicious code in launcher-start-page (npm)
Malicious code in target-ui (npm)
Malicious code in telescope-avatar (npm)
Malicious code in monday-react-quickstart-app (npm)
Claude Code vulnerable to command execution prior to startup trust dialog
Malicious code in startrek-client (npm)
Malicious code in nft-dapp-starter-kit (npm)
Malicious code in avvvatars-vue (npm)
Malicious code in gatsby-starter-gitlab (npm)
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability
OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
Malicious code in minotari_wallet_ff (npm)
Malicious code in daftar-situs-judi-slot-online-gacor-gampang-menang-2023 (npm)
Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access
Malicious code in @postman/final-node-keytar (npm)
Malicious code in the-starch-solution-eat-the-foods-you-love-regain-your-health-and-lose-the-weight-for-good-by-john-a (npm)
Malicious code in @quick-start-soft/quick-markdown-print (npm)
Malicious code in @trackstar/test-package (npm)
Malicious code in iconscout-unicons-tarball (npm)
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
Malicious code in ai-chatbot-starter (npm)
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
Malicious code in ppcp-starter-node (npm)
OpenClaw has agent avatar symlink traversal in gateway session metadata
Signature verification vulnerability in Stark Bank ecdsa libraries
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
Malicious code in elf-stats-wintry-northstar-674 (npm)
Electron: Named window.open targets not scoped to the opener's browsing context
Malicious code in elf-stats-cheery-northstar-345 (npm)
Malicious code in elf-stats-starlit-northstar-873 (npm)
Malicious code in elf-stats-starlit-rocket-905 (npm)
Malicious code in elf-stats-starlit-train-195 (npm)
svelte is vulnerable to XSS with textarea bind:value
Malicious code in vistar-ad-clienttestadv2 (npm)
Malicious code in upstart-lending-status (npm)
Malicious code in upstart-loan-status (npm)
Malicious code in upstartadmindashboard- (npm)
Malicious code in upstartapplicationstatus (npm)
Malicious code in noor_ul_iman_tarjuma_quran_pdf_free_free__kv (npm)
Malicious code in visitor-targeting (npm)
Malicious code in csvtarse (npm)
Malicious code in frontity-starter-theme (npm)
Malicious code in microbundle-starter (npm)
Malicious code in elf-stats-caroling-star-725 (npm)
Malicious code in bootstar (npm)
Vite middleware may serve files starting with the same name as the public directory
Malicious code in ccip-starter-kit-hardhat (npm)
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
Malicious code in transform-new-target (npm)
follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets
OpenClaw shell-env fallback trusted startup env and could execute attacker-influenced login-shell paths
Malicious code in agent-starter (npm)
TanStack Start - Server Core: Inbound server-function request deserialization could invoke a sibling client-referenced server function
Malicious code in elf-stats-midnight-star-734 (npm)
Malicious code in responses-starter-app (npm)
OpenClaw: Exec environment denylist missed high-risk interpreter startup variables
Malicious code in target-global-mbox (npm)
Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection
OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure
OpenClaw affected by BASH_ENV / ENV startup-file injection into spawned shell commands
OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host
Malicious code in @ensdomains/ens-avatar (npm)
Malicious code in upstart-offer-container (npm)
Malicious code in upstart.previewcss (npm)
OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection
Malicious code in elf-stats-shimmering-northstar-293 (npm)
Malicious code in pil2-stark-js (npm)
OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062)
Malicious code in monday-integration-quickstart-app (npm)
Malicious code in gatsby-starter-hello-world (npm)
Duplicate Advisory: OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets
Malicious code in codemirror-6-getting-started (npm)
Malicious code in pinterest-api-quickstart (npm)
Malicious code in start-state-machine (npm)
taro-css-to-react-native Regular Expression Denial of Service vulnerability
Malicious code in smaato-shared-ui-audience-targeting (npm)
Malicious code in com.meta.xr.sdk.avatars.sample.assets (npm)
Malicious code in stargate-docs (npm)
Duplicate Advisory: OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup
Malicious code in elf-stats-cocoa-northstar-632 (npm)
Malicious code in talon-template-starter (npm)
Malicious code in target-campaign-library (npm)
Malicious code in tari_wallet_ffi (npm)
Malicious code in elf-stats-starlit-mitten-980 (npm)
Malicious code in infocaster-frontend-bootstrap-4-starter (npm)
Malicious code in spstargm (npm)
Malicious code in wad-workshop-starter (npm)
Malicious code in ktarco (npm)
PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart
OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config
Malicious code in fed-challenge-starter (npm)
OpenClaw: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable
Malicious code in starrocks (npm)
OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
Malicious code in cstar-react-primitives (npm)
Malicious code in monday-integration-quickstart (npm)
OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure
Malicious code in eslint-plugin-totara (npm)
Malicious code in smart-input-textarea (npm)
Malicious code in @rsgweb/rockstar-account (npm)
Malicious code in whistle-start (npm)
Malicious code in vistar-ad-clienttestadv4 (npm)
Malicious code in elf-stats-candystriped-star-592 (npm)
OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class)
Malicious code in @quick-start-soft/quick-document-translator (npm)
Malicious code in @jdtaro/dynamic-devtools-utils (npm)
React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation
Duplicate Advisory: OpenClaw: Exec environment denylist missed high-risk interpreter startup variables
Malicious code in start-log-backend (npm)
Malicious code in start-log-plugin (npm)
Malicious code in hardhat-ethers-react-ts-starter (npm)
Malicious code in upstartautoretailadmin (npm)
Malicious code in upstartdr (npm)
Malicious code in helper-compilation-targets (npm)
Malicious code in @lbnqduy11805/shiny-rotary-phone (npm)
Malicious code in starling-api-web-starter-kit (npm)
Malicious code in compute-starter-kit-assemblyscript-default (npm)
Malicious code in starling-api (npm)
Budibase vulnerable to SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`)
Malicious code in line-liff-v2-starter (npm)
Malicious code in daftar-10-bandar-togel-singapore-terpercaya-agen-pay4d-terbesar-di-asia (npm)
Malicious code in @jumpstart-ui/utils (npm)
Malicious code in pdf-gods-generals-the-military-lives-of-moses-the-buddha-and-muhammad-by-richard-a-gabriel-on-textbo (npm)
Malicious code in elf-stats-snowy-northstar-860 (npm)
Malicious code in @nutui/nutui-react-taro (npm)
Malicious code in starbuckssystem (npm)
Malicious code in @tanstack/react-start (npm)
Malicious code in @tanstack/react-start-rsc (npm)
Malicious code in @tanstack/react-start-server (npm)
Malicious code in hardhat-starter-kit (npm)
Malicious code in @spcsn/taro-cli (npm)
Malicious code in @tanstack/solid-start (npm)
Malicious code in @tanstack/solid-start-client (npm)
Malicious code in @tanstack/solid-start-server (npm)
Malicious code in @tarojs/cli (npm)
Malicious code in @tanstack/start-client-core (npm)
Malicious code in @tanstack/start-fn-stubs (npm)
Malicious code in @tanstack/start-plugin-core (npm)
Malicious code in morningstar-design-system (npm)
Malicious code in @tanstack/vue-start (npm)
Malicious code in @tanstack/vue-start-client (npm)
Malicious code in plugin-getting-started (npm)
Malicious code in @quick-start-soft/quick-git-clean-markdown (npm)
Malicious code in @quick-start-soft/quick-task-refine (npm)
Malicious code in starcoffe (npm)
Malicious code in ragbot-starter (npm)
Malicious code in ally-starter-api (npm)
Malicious code in @postman/node-keytar (npm)
Malicious code in @google-pay-trust/start (npm)
Malicious code in @quick-start-soft/quick-markdown-translator (npm)
Malicious code in @quick-start-soft/quick-remove-image-background (npm)
Malicious code in react-full-stack-starter-client (npm)
Malicious code in start-internal (npm)
Malicious code in tinyquickstartreactnative (npm)
Malicious code in remote-pay-cloud-starter-example-typescript (npm)
Malicious code in tauri-plugin-autostart-api (npm)
Malicious code in @starkgate-v2/web (npm)
Malicious code in starknet4 (npm)
Malicious code in my-node-startup (npm)
Malicious code in @quick-start-soft/quick-markdown (npm)
Malicious code in @quick-start-soft/quick-markdown-compose (npm)
Malicious code in aws-target-mediator (npm)
Malicious code in elf-stats-northbound-star-801 (npm)
Malicious code in getting-started-rpi (npm)
Malicious code in @lbnqduy11805/cautious-octo-rotary-phone (npm)
tarteaucitron.js allows UI manipulation via unrestricted CSS injection
Malicious code in discord-getting-started (npm)
NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints
Malicious code in dowload_ebok_lenin_y_el_totalitarismo_by_mauricio_rojas_szvld (npm)
Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies
Malicious code in totaralms (npm)
Malicious code in @trackstar/react-trackstar-link-upgrade (npm)
Malicious code in @trackstar/test-angular-package (npm)
Malicious code in @tanstack/start-static-server-functions (npm)
Malicious code in @tanstack/start-storage-context (npm)
Malicious code in @quick-start-soft/quick-markdown-image (npm)
Malicious code in smooch-api-quickstart-example (npm)
Malicious code in pear-apps-utils-avatar-initials (npm)
OpenClaw skills-install-download: tar.bz2 extraction bypassed archive safety parity checks (local DoS)
Malicious code in element-block-starter (npm)
Malicious code in tarax (npm)
Malicious code in @starkgate/web (npm)
Malicious code in devstart-cli (npm)
Malicious code in plaid-tiny-quickstart (npm)
Malicious code in upstartloans (npm)
Malicious code in upstartportal (npm)
Improper Verification of Cryptographic Signature in starkbank-ecdsa
@hulumi/policies has a HULUMI-H5 bypass via decoy sibling resources targeting a different bucket
Malicious code in canva-connect-api-starter-kit (npm)
Malicious code in concatarraybuffer (npm)
Malicious code in ontology-starter-react-app (npm)
Malicious code in monday-integration-quickstart-app-typescript (npm)
Malicious code in tari-explorer (npm)
Malicious code in packs-starter (npm)
Malicious code in @tanstack/react-start-client (npm)
Malicious code in @redhat-cloud-services/quickstarts-client (npm)
Malicious code in usaa-textarea (npm)
Malicious code in @tanstack/start-server-core (npm)
Duplicate Advisory: OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class)
Malicious code in @emerald-react/avatar (npm)
Malicious code in bitski-quickstart (npm)
Malicious code in tailwindcss-forms-starter (npm)
Malicious code in astra-db-recommendations-starter (npm)
Duplicate Advisory: OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config
Malicious code in @starmind/collector-cli (npm)
Malicious code in ing-feat-mortgage-consent-starter (npm)
Malicious code in starknet-types-07 (npm)
Malicious code in all-star-2019 (npm)
Malicious code in com.meta.xr.sdk.avatars (npm)
Malicious code in niji-react-textarea (npm)
Malicious code in boring-avatars-vanilla (npm)
Malicious code in ktarco1 (npm)
Malicious code in msal-react-quickstart (npm)
Duplicate Advisory: OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
Malicious code in @tribe-digital/shopify-starter-theme (npm)
Malicious code in remote-pay-cloud-starter-example (npm)
Malicious code in starter-theme (npm)
@workos/authkit-session has an Open Redirect via state-derived redirect target
Malicious code in tarojs-plugin-platform-lark (npm)
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button
Malicious code in cktool.target.nodejs (npm)
Malicious code in quickstart-calls-chat-integration (npm)
pnpm incorrectly parses tar archives relative to specification
Malicious code in vt-blockchain-bootcamp-starter-frontend (npm)
Malicious code in ent-widget-military (npm)
Malicious code in express-starter-template (npm)
Malicious code in @oku-ui/avatar (npm)
Malicious code in @trackstar/angular-trackstar-link (npm)
Malicious code in @trackstar/react-trackstar-link (npm)
Malicious code in elf-stats-starlit-ribbon-255 (npm)
Malicious code in elf-stats-bright-star-712 (npm)
Malicious code in elf-stats-sugarplum-star-404 (npm)