HIGH 7.1 npm
GHSA-83g3-92jg-28cx · CVE-2026-26960 Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
수정: 2026. 2. 20.
package
npm / tar
pkg:npm/tar
HIGH npm
GHSA-8qq5-rm4j-mr97 · CVE-2026-23745 node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
수정: 2026. 2. 22.
HIGH npm
GHSA-9ppj-qmqm-q256 · CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath
수정: 2026. 3. 13.
HIGH 8.2 npm
GHSA-9r2w-394v-53qc · CVE-2021-37701 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
수정: 2026. 3. 13.
MEDIUM 6.5 npm
GHSA-f5x3-32g6-xq36 · CVE-2024-28863 Denial of service while parsing a tar file due to lack of folders count validation
수정: 2026. 2. 4.
HIGH 7.5 npm
GHSA-gfjr-3jmm-4g9v · CVE-2015-8860 Symlink Arbitrary File Overwrite in tar
수정: 2023. 11. 8.
MEDIUM npm
GHSA-29xp-372q-xqph · CVE-2025-64118 node-tar has a race condition leading to uninitialized memory exposure
수정: 2026. 2. 4.
HIGH 8.2 npm
GHSA-34x7-hfp2-rc4v · CVE-2026-24842 node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal
수정: 2026. 2. 4.
HIGH 8.2 npm
GHSA-3jfq-g458-7qm9 · CVE-2021-32804 Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
수정: 2026. 3. 13.
HIGH 8.2 npm
GHSA-5955-9wpr-37jh · CVE-2021-37713 Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
수정: 2026. 3. 13.
HIGH npm
GHSA-qffp-2rhf-9h96 · CVE-2026-29786 tar has Hardlink Path Traversal via Drive-Relative Linkpath
수정: 2026. 3. 10.
HIGH 7.5 npm
GHSA-j44m-qm6p-hp7m · CVE-2018-20834 Arbitrary File Overwrite in tar
수정: 2023. 11. 29.
HIGH 8.2 npm
GHSA-qq89-hq3f-393p · CVE-2021-37712 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
수정: 2026. 3. 13.
HIGH 8.2 npm
GHSA-r628-mhmh-qjhw · CVE-2021-32803 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
수정: 2026. 3. 13.
HIGH 8.8 npm
GHSA-r6q2-hw4h-h46w · CVE-2026-23950 Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS
수정: 2026. 3. 16.
MEDIUM npm
GHSA-vmf3-w455-68vh · CVE-2026-53655 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)
수정: 2026. 6. 15.