Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-69874
CVE-2025-69874
nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.
Published Feb 12, 2026
https://github.com/advisories/GHSA-92fh-27vv-894w
CVSS Score
Critical
9.2
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
elsolya-pusher
1.1.0
golang
github.com/btafoya/gomailserver
v1.0.0
golang
github.com/btafoya/gomailserver
v1.0.1
golang
github.com/btafoya/gomailserver
v1.0.2
npm
mircrotar
0.1.1
npm
nanotar
0.1.1
npm
nanotar
0.2.0
npm
skarbonka
1.0.6
npm
skarbonka
1.0.7
npm
skarbonka
1.1.0
npm
skarbonka
1.1.1
npm
skarbonka
1.1.2
1-12 of 12
CVE-2025-69874 | Components Impacted | Sonatype Guide | Sonatype Guide
