unjs/nanotar

Releases4

Frequency8 months 3 weeks

Last Release 4 months ago

Stars194

📼 Tiny and fast tar utils for any JavaScript runtime!

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-69874 ↗	Feb 11, 2026Wednesday, 11 February 2026, 18:16	9.8 CRITICAL	—
nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.