Overview · composefs/tar-rs · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

PAX header desynchronization
GHSA-3pv8-6f4r-ffg2 published May 18, 2026 by cgwalters

Moderate
tar-rs incorrectly ignores PAX size headers if header size is nonzero
GHSA-gchp-q4r4-x4ff published Mar 19, 2026 by alexcrichton

Low
`unpack_in` can chmod arbitrary directories by following symlinks
GHSA-j4xf-2g29-59ph published Mar 19, 2026 by alexcrichton

Moderate
[INFORMATIONAL] No defense against concurrent mutations of filesystem tree
GHSA-747h-hw98-c42x published May 18, 2026 by cgwalters

Low

Learn more about advisories related to composefs/tar-rs in the GitHub Advisory Database