HIGH8.8CVE-2026-23950Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS from 0, < 7.5.4
HIGH8.2CVE-2026-24842node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal from 0, < 7.5.7
>= 3.0.0, < 4.4.16
HIGH8.2Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
>= 3.0.0, < 4.4.18
HIGH8.2Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
from 0, < 4.4.18
HIGH8.2Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
from 0, < 3.2.2
HIGH8.2Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
>= 3.0.0, < 3.2.3
HIGH7.5Arbitrary File Overwrite in tar
>= 3.0.0, < 4.4.2
HIGH7.5Symlink Arbitrary File Overwrite in tar
from 0, < 2.0.0
HIGH7.1Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
from 0, < 7.5.8
MEDIUM6.5Denial of service while parsing a tar file due to lack of folders count validation
from 0, < 6.2.1
MEDIUM6.3tar has Hardlink Path Traversal via Drive-Relative Linkpath
from 0, < 7.5.10
MEDIUM6.1node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
from 0, < 7.5.3
MEDIUM5.5node-tar Symlink Path Traversal via Drive-Relative Linkpath
from 0, < 7.5.11
—node-tar has a race condition leading to uninitialized memory exposure
>= 7.5.1, < 7.5.2