VYPR

npm package

@vltpkg/tar

pkg:npm/%40vltpkg/tar

Vulnerabilities (1)

  • CVE-2026-24909MedJan 27, 2026
    affected < 1.0.0-rc.10fixed 1.0.0-rc.10

    vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction.