tar-fs
Security Risk Profile
Security Risk Score: 41/100 (medium)
Comprehensive risk assessment based on 5 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from March 27, 2025 to present
Total CVEs: 5
Critical+High: 5
Exploited: 1
Unpatched: 2
Threat Assessment
Avg CVSS: 7.8 (base severity)
Avg EPSS: 0% (exploit probability)
Unpatched: 2 (Critical/High)
Risk Level: 41/100 (medium)
⚠️ 1 Active Exploits
Severity Distribution
Critical: 0
High: 5
Medium: 0
Low: 0
Exploit Likelihood
>50% chance: 0
20-50%: 0
5-20%: 0
<5%: 1
Age Distribution
Common Weaknesses (CWE)
1. Path Traversal: 4
Most Affected Products
1. tar-fs tar-fs: 9
2. npm/tar-fs: 9
3. IBM Business Automation Insights: 6
4. IBM Concert Software: 1
5. Microsoft cbl2 reaper 3.1.1-191
Recent Vulnerabilities

REDHAT-BUG-2397901
CVSS 7.0 (high), 9/24/2025, 🔧 No Patch

CVE-2025-59343
CVSS 8.7 (high), 9/24/2025
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball

CVE-2025-48387
CVSS 8.7 (high), EPSS 0%, 6/2/2025
tar-fs has issue where extract can write outside the specified dir with a specific tarball

REDHAT-BUG-2355460
CVSS 7.0 (high), 3/27/2025, 🔧 No Patch

CVE-2024-12905
CVSS 7.5 (high), 3/27/2025, ⚠ Exploited