Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

959 matches found

OSV
OSVadded 2025/06/03 1:15 p.m.5 views

ALPINE-CVE-2024-12718

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

5.3CVSS8AI score0.00607EPSS
Exploits1References1
OSV
OSVadded 2025/06/03 1:15 p.m.4 views

AZL-62313 CVE-2025-4330 affecting package python3 for versions less than 3.9.19-14

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS7.1AI score0.00728EPSS
Exploits2References1
OSV
OSVadded 2025/06/03 1:15 p.m.6 views

ALPINE-CVE-2025-4138

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS8AI score0.01109EPSS
Exploits7References1
OSV
OSVadded 2025/06/03 1:15 p.m.3 views

ALPINE-CVE-2025-4330

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS8AI score0.00728EPSS
Exploits2References1
OSV
OSVadded 2025/06/03 1:15 p.m.3 views

CVE-2025-4435

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...

7.5CVSS7.1AI score
Exploits0References11
OSV
OSVadded 2025/06/03 1:15 p.m.5 views

CVE-2024-12718

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

5.3CVSS8AI score
Exploits0References13
OSV
OSVadded 2025/06/03 1:15 p.m.6 views

DEBIAN-CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS7.3AI score0.01184EPSS
Exploits11References1
OSV
OSVadded 2025/06/03 1:15 p.m.4 views

DEBIAN-CVE-2025-4435

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...

7.5CVSS6.4AI score0.00474EPSS
Exploits1References1
OSV
OSVadded 2025/06/03 1:15 p.m.4 views

DEBIAN-CVE-2024-12718

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

5.3CVSS7.5AI score0.00607EPSS
Exploits1References1
OSV
OSVadded 2025/06/03 1:15 p.m.3 views

AZL-62307 CVE-2025-4517 affecting package python3 for versions less than 3.9.19-14

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS7.3AI score0.01184EPSS
Exploits11References1
OSV
OSVadded 2025/06/03 1:15 p.m.6 views

DEBIAN-CVE-2025-4330

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS7.2AI score0.00728EPSS
Exploits2References1
NVD
NVDadded 2025/06/03 1:15 p.m.13 views

CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS0.01184EPSS
Exploits11References12
NVD
NVDadded 2025/06/03 1:15 p.m.12 views

CVE-2025-4435

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...

7.5CVSS0.00474EPSS
Exploits1References11
OSV
OSVadded 2025/06/03 1:15 p.m.0 views

UBUNTU-CVE-2024-12718

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

5.3CVSS7.4AI score0.00607EPSS
Exploits1References11
OSV
OSVadded 2025/06/03 1:15 p.m.0 views

UBUNTU-CVE-2025-4435

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...

7.5CVSS6.6AI score0.00474EPSS
Exploits1References13
OSV
OSVadded 2025/06/03 1:15 p.m.0 views

UBUNTU-CVE-2025-4138

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS7.3AI score0.01109EPSS
Exploits7References14
OSV
OSVadded 2025/06/03 1:15 p.m.0 views

UBUNTU-CVE-2025-4330

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS7.2AI score0.00728EPSS
Exploits2References14
Cvelist
Cvelistadded 2025/06/03 12:59 p.m.24 views

CVE-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

5.3CVSS0.00607EPSS
Exploits1References13
Vulnrichment
Vulnrichmentadded 2025/06/03 12:59 p.m.12 views

CVE-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

5.3CVSS7.5AI score0.00607EPSS
Exploits1References13
Snyk
Snykadded 2025/06/03 12:59 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the tarfile extraction process when using the filter parameter set to "data" or "tar". An attacker can modify file metadata, such as timestamps or permissions, of files located outside the intended extraction...

8.6CVSS7.5AI score0.00607EPSS
Exploits1References2
Rows per page
Query Builder