To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
Security: mafintosh/tar-fs
Security
SECURITY.md
-
Symlink validation bypass if destination directory is predictable with a specific tarballGHSA-vj76-c3g6-qr5v published
Sep 24, 2025 by mafintoshHigh -
Issue where extract can write outside the specified dir with a specific tarballGHSA-8cj5-5rvv-wf4v published
Jun 2, 2025 by mafintoshCritical
Learn more about advisories related to mafintosh/tar-fs in the GitHub Advisory Database