Every CVE whose affected-product data names Hashicorp Go-slug, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2020-29529 — CVSS 7.5 (high): HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be…
CVE-2025-0377 — CVSS 7.5 (high): HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar…