Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3 advisories

Loading
tar-rs `unpack_in` can chmod arbitrary directories by following symlinks Moderate
CVE-2026-33056 was published for tar (Rust) Mar 20, 2026
xokdvium Credited to xokdvium
tar-rs incorrectly ignores PAX size headers if header size is nonzero Moderate
CVE-2026-33055 was published for tar (Rust) Mar 20, 2026
xokdvium Credited to xokdvium, woodruffw, 0xnaka-hax, and 0xNakah woodruffw woodruffw
0xnaka-hax 0xnaka-hax 0xNakah 0xNakah
astral-tokio-tar insufficiently validates PAX extensions during extraction Moderate
CVE-2026-32766 was published for astral-tokio-tar (Rust) Mar 17, 2026
woodruffw Credited to woodruffw and xokdvium xokdvium xokdvium
ProTip! Advisories are also available from the GraphQL API