Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2026-24909
CVE-2026-24909
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction.
Published Jan 28, 2026
https://github.com/vltpkg/vltpkg/pull/1334
CVSS Score
Medium
5.9
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
@vltpkg/tar
0.0.0-0.1730239248325
npm
@vltpkg/tar
0.0.0-0.1730724342581
npm
@vltpkg/tar
0.0.0-10
npm
@vltpkg/tar
0.0.0-11
npm
@vltpkg/tar
0.0.0-12
npm
@vltpkg/tar
0.0.0-13
npm
@vltpkg/tar
0.0.0-14
npm
@vltpkg/tar
0.0.0-15
npm
@vltpkg/tar
0.0.0-16
npm
@vltpkg/tar
0.0.0-17
npm
@vltpkg/tar
0.0.0-18
npm
@vltpkg/tar
0.0.0-19
npm
@vltpkg/tar
0.0.0-20
npm
@vltpkg/tar
0.0.0-21
npm
@vltpkg/tar
0.0.0-22
npm
@vltpkg/tar
0.0.0-23
npm
@vltpkg/tar
0.0.0-24
npm
@vltpkg/tar
0.0.0-25
npm
@vltpkg/tar
0.0.0-26
npm
@vltpkg/tar
0.0.0-27
npm
@vltpkg/tar
0.0.0-28
npm
@vltpkg/tar
0.0.0-29
npm
@vltpkg/tar
0.0.0-2
npm
@vltpkg/tar
0.0.0-30
npm
@vltpkg/tar
0.0.0-31
npm
@vltpkg/tar
0.0.0-32
npm
@vltpkg/tar
0.0.0-3
npm
@vltpkg/tar
0.0.0-4
npm
@vltpkg/tar
0.0.0-5
npm
@vltpkg/tar
0.0.0-6
npm
@vltpkg/tar
0.0.0-7
npm
@vltpkg/tar
0.0.0-8
npm
@vltpkg/tar
0.0.0-9
npm
@vltpkg/tar
1.0.0-rc.1
npm
@vltpkg/tar
1.0.0-rc.2
npm
@vltpkg/tar
1.0.0-rc.3
npm
@vltpkg/tar
1.0.0-rc.4
npm
@vltpkg/tar
1.0.0-rc.5
npm
@vltpkg/tar
1.0.0-rc.6
npm
@vltpkg/tar
1.0.0-rc.7
npm
@vltpkg/tar
1.0.0-rc.8
npm
@vltpkg/tar
1.0.0-rc.9
1-42 of 42
CVE-2026-24909 | Components Impacted | Sonatype Guide | Sonatype Guide
