Archiver
This hub aggregates every CVE we track for Archiver, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
14
CVEs tracked
5
Critical
5
High
0
In CISA KEV
Severity distribution
HIGH5CRITICAL5MEDIUM4
Monthly trend
0
0
0
0
0
3
0
0
0
0
0
1
0
0
0
0
0
0
0
4
0
0
0
0
2024-072026-06
Latest CVEs
The 14 most recently published vulnerabilities affecting Archiver.
- CVE-2026-2039GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability9.8
- CVE-2026-2036GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability8.8
- CVE-2026-2038GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability9.8
- CVE-2026-2037GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability8.8
- CVE-2025-35940Hard-coded ArchiverSpaApi JWT Signing Key8.1
- CVE-2024-11949GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability8.8
- CVE-2024-11948GFI Archiver Telerik Web UI Remote Code Execution Vulnerability9.8
- CVE-2024-11947GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability8.8
- CVE-2024-0406Mholt/archiver: path traversal vulnerability6.1
- CVE-2018-25046Path traversal in code.cloudfoundry.org/archiver9.1
- CVE-2021-29281File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.9.8
- CVE-2019-10743All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When ...5.5
- CVE-2018-1002207mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an ar...5.5
- CVE-2006-1611Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allows remote attackers to overwrite arbitrary files wile decompressing an archive, possibly due to directory traversal sequences i...5.0
Product normalization is registry-driven with AI assist and human review. How it works