Tar
This hub aggregates every CVE we track for Tar, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
31
CVEs tracked
0
Critical
15
High
0
In CISA KEV
Severity distribution
HIGH15MEDIUM14LOW2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
3
1
3
1
0
1
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Tar.
- CVE-2026-53655node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)5.5
- CVE-2026-5704Tar: tar: hidden file injection via crafted archives5.0
- CVE-2026-33056tar-rs: unpack_in can chmod arbitrary directories by following symlinks6.5
- CVE-2026-31802node-tar Symlink Path Traversal via Drive-Relative Linkpath5.5
- CVE-2026-29786node-tar: Hardlink Path Traversal via Drive-Relative Linkpath6.3
- CVE-2026-26960node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction7.1
- CVE-2026-24842node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal8.2
- CVE-2026-23950node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS8.8
- CVE-2026-23745node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization6.1
- CVE-2025-45582GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to...4.1
- CVE-2021-37713Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization8.2
- CVE-2021-37701Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links8.2
- CVE-2021-37712Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links8.2
- CVE-2021-38511An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.7.5
- CVE-2021-32804Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization8.2
Product normalization is registry-driven with AI assist and human review. How it works