
5 matches found

Vulnrichment
added 2026/01/07 10:27 p.m. · 1 views

CVE-2026-21851 MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's downloadfromngcprivate function. The function uses zipfile.ZipFile.extractall without path validation, while other similar...

CVSS 5.3 · AI score 6.4 · EPSS 0.00022
Exploits: 1 · References: 2
Github Security Blog
added 2026/01/06 5:32 p.m. · 6 views

MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download

Summary: A Path Traversal (Zip Slip) vulnerability exists in MONAI's downloadfromngcprivate function. The function uses zipfile.ZipFile.extractall without path validation, while other similar download functions in the same codebase properly use the existing safeextractmember function. This appears t...

CVSS 5.3 · AI score 7.2 · EPSS 0.00022
Exploits: 1 · References: 4 · Affected Software: 1
GithubExploit
added 2025/08/10 6:45 p.m. · 104 views

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088 Python tool for safe archive handling, path trav...

CVSS 8.8 · AI score 6.7 · EPSS 0.091
Exploits: 34
Huntr
added 2025/06/30 9:00 a.m. · 6 views

Path traversal, lead to remote code execution

Description: In zenml's PathMaterializer class, the load function uses ispathwithindirectory to validate files during data.tar.gz extraction. While this prevents path traversal vulnerabilities, it fails to effectively detect symbolic and hard links. with tarfile.openarchivepathlocal, "r:gz" as tar...

CVSS 7.8 · AI score 6.5 · EPSS 0.0004
Exploits: 1
Positive Technologies
added 2022/12/05 12:00 a.m. · 2 views

PT-2022-16056 · Guarddog · Guarddog

Name of the Vulnerable Software and Affected Versions: GuardDog versions prior to v0.1.8. Description: GuardDog is a CLI tool to identify malicious PyPI packages. The issue arises when extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the...

CVSS 6.5 · AI score 6.3 · EPSS 0.00809
Exploits: 1 · References: 12