pkg:npm/tar-fs

All known vulnerabilities

• HIGH7.5CVE-2024-12905tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
  from 0, < 1.16.4
• HIGH7.5CVE-2018-20835Improper Input Validation in tar-fs
  from 0, < 1.16.2
• —CVE-2025-59343tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
  >= 3.0.0, < 3.1.1
• —CVE-2025-48387tar-fs can extract outside the specified dir with a specific tarball
  from 0, < 1.16.5