Nanotar
1 CVEs
product
Monthly
Path traversal in nanotar npm package through 0.2.0. The parseTar() and parseTarGzip() functions allow attackers to write files outside the extraction directory.
Path Traversal
Nanotar
NVD
GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-69874
npm
EPSS 0%
CVSS 9.8
CRITICAL
Act Now
Path traversal in nanotar npm package through 0.2.0. The parseTar() and parseTarGzip() functions allow attackers to write files outside the extraction directory.
Path Traversal
Nanotar
NVD
GitHub