pkg:npm/tar-fs

4 total CVEsHIGH2

✅ Check your installed version

All known vulnerabilities

  • HIGH7.5CVE-2024-12905tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
    from 0, < 1.16.4
  • HIGH7.5CVE-2018-20835Improper Input Validation in tar-fs
    from 0, < 1.16.2
  • CVE-2025-59343tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
    >= 3.0.0, < 3.1.1
  • CVE-2025-48387tar-fs can extract outside the specified dir with a specific tarball
    from 0, < 1.16.5