Advisories with keyword 'tar'

May 20, 2026
CRITICAL RUSTSEC-2026-0148: Vulnerability in boxlite

OCI layer symlink escape → arbitrary host write
May 19, 2026
RUSTSEC-2026-0145: Vulnerability in astral-tokio-tar

PAX Header Desynchronization in astral-tokio-tar
April 28, 2026
RUSTSEC-2026-0113: Vulnerability in astral-tokio-tar

unpack_in can chmod arbitrary directories by following symlinks
March 23, 2026
LOW RUSTSEC-2026-0066: Vulnerability in astral-tokio-tar

Insufficient validation of PAX extensions during extraction
March 23, 2026
MEDIUM RUSTSEC-2026-0067: Vulnerability in tar

unpack_in can chmod arbitrary directories by following symlinks
March 23, 2026
MEDIUM RUSTSEC-2026-0068: Vulnerability in tar

tar-rs incorrectly ignores PAX size headers if header size is nonzero