Node-tar

This hub aggregates every CVE we track for Node-tar, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Node-tar.

• CVE-2026-31802node-tar Symlink Path Traversal via Drive-Relative Linkpath5.5Mar 9, 2026
• CVE-2026-29786node-tar: Hardlink Path Traversal via Drive-Relative Linkpath6.3Mar 7, 2026
• CVE-2026-26960node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction7.1Feb 20, 2026
• CVE-2026-24842node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal8.2Jan 28, 2026
• CVE-2026-23950node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS8.8Jan 20, 2026
• CVE-2026-23745node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization6.1Jan 16, 2026
• CVE-2025-64118node-tar vulnerable to race condition leading to uninitialized memory exposure7.0Oct 30, 2025
• CVE-2024-28863node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation6.5Mar 21, 2024
• CVE-2021-37713Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization8.2Aug 31, 2021
• CVE-2021-37712Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links8.2Aug 31, 2021
• CVE-2021-37701Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links8.2Aug 31, 2021
• CVE-2021-32804Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization8.2Aug 3, 2021
• CVE-2021-32803Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning8.2Aug 3, 2021
• CVE-2019-1425An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.6.5Nov 12, 2019
• CVE-2018-20834A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already...7.5Apr 30, 2019