VYPR

Compressing

by Node Modules

npm: compressing

Source repositories

CVEs (2)

  • CVE-2026-40931HigApr 21, 2026
    risk 0.48cvss 8.4epss 0.00

    Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination…

  • CVE-2026-24884Feb 4, 2026
    risk 0.00cvss epss 0.00

    Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an…