Every CVE whose affected-product data names Isaacs Tar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-23950 — CVSS 8.8 (high): node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling…
CVE-2026-24842 — CVSS 8.2 (high): node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses…
CVE-2018-20834 — CVSS 7.5 (high): A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when…
CVE-2026-26960 — CVSS 7.1 (high): node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can…
CVE-2024-28863 — CVSS 6.5 (medium): node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation…
CVE-2026-29786 — CVSS 6.3 (medium): node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the…
CVE-2026-23745 — CVSS 6.1 (medium): node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries…
CVE-2026-31802 — CVSS 5.5 (medium): node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside…
CVE-2026-53655 — CVSS 5.5 (medium): node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (and other PAX…