OsVault/npm/tar-fs
npm

tar-fs

4 known vulnerabilities · 0 critical · 2 high

CVE-2025-59343

tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball

Published Sep 24, 2025
CVE-2025-48387

tar-fs can extract outside the specified dir with a specific tarball

Published Jun 3, 2025
CVE-2024-12905HIGH

tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File

Published Mar 27, 2025
CVE-2018-20835HIGH

Improper Input Validation in tar-fs

Published May 1, 2019
Check your entire dependency tree at onceRun dependency scan →