Security: astral-sh/tokio-tar
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
PAX Header Desynchronization in astral-tokio-tarGHSA-3cv2-h65g-fgmm published
May 18, 2026 by woodruffwModerate -
PAX Header Desynchronization in astral-tokio-tarGHSA-fp55-jw48-c537 published
Apr 27, 2026 by woodruffwModerate -
`unpack_in` can chmod arbitrary directories by following symlinksGHSA-xx64-wwv2-hcqq published
Apr 27, 2026 by woodruffwLow -
Insufficient validation of PAX extensions during extractionGHSA-6gx3-4362-rf54 published
Mar 16, 2026 by woodruffwLow -
PAX Header Desynchronization in astral-tokio-tarGHSA-j5gw-2vrg-8fgx published
Oct 21, 2025 by woodruffwHigh -
Path traversal in tar extractionGHSA-3wgq-wrwc-vqmv published
Sep 23, 2025 by woodruffwHigh