pkg:Go/github.com/zarf-dev/zarf
2 total CVEsHIGH2
✅ Check your installed version
All known vulnerabilities
HIGH8.2CVE-2026-29064Zarf's symlink targets in archives are not validated against destination directory in github.com/zarf-dev/zarf >= 0.54.0, < 0.73.1
HIGH7.1CVE-2026-40090Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write >= 0.23.0, < 0.74.2