Package impact
npm / tar
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23745 | high | — | 8.0 | 16d ago | Important: linux-sgx security update | |||
| CVE-2026-23950 | high | — | 8.0 | 16d ago | Important: linux-sgx security update | |||
| CVE-2026-24842 | high | — | 8.0 | 16d ago | Important: linux-sgx security update | |||
| CVE-2021-32804 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-32803 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2015-8860 | high | 7.5 | 7.5 | 10y ago | The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. |