959 matches found

Snyk (added 2025/06/03 12:58 p.m., 8 views)

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the tarfile extraction process when using the filter parameter set to "data" or "tar". An attacker can write files outside the intended extraction directory by convincing a privileged user or process to extract a...

CVSS 9.4 | AI score 7.5 | EPSS 0.01184
Exploits 11 | References 2
OSV (added 2025/06/03 12:58 p.m., 6 views)

PSF-2025-9

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

CVSS 9.4 | AI score 9.8 | EPSS 0.01184
Exploits 11 | References 12
CVE (added 2025/06/03 12:58 p.m., 606 views)

CVE-2025-4517

CVE-2025-4517 concerns the tarfile module: when extracting untrusted tar archives using TarFile.extractall() or TarFile.extract() with filter set to "data" (or "tar"), it allows arbitrary filesystem writes outside the extraction directory. The description and connected advisories confirm this is ...

CVSS 9.4 | AI score 9.7 | EPSS 0.01184
Exploits 11 | References 12
CNNVD (added 2025/06/03 12:00 a.m., 5 views)

Python security vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.12 and later, which stems from the tarfile module extraction filter...

CVSS 5.3 | AI score 6.7 | EPSS 0.00607
Exploits 1 | References 15
CNNVD (added 2025/06/03 12:00 a.m., 4 views)

CPython security vulnerability

CPython is a Python interpreter implemented in C from the Python Foundation. A security vulnerability exists in CPython that stems from a filtered member not being skipped and still being extracted when TarFile.errorlevel = 0...

CVSS 7.5 | AI score 6.5 | EPSS 0.00474
Exploits 1 | References 13
Positive Technologies (added 2025/06/03 12:00 a.m., 8 views)

PT-2025-23607

Name of the Vulnerable Software and Affected Versions: Python versions 3.12 and later. Description: This vulnerability allows modification of file metadata (e.g., last modified or file permissions) of files outside the intended extraction directory when using the tarfile module to extract untrusted ta...

CVSS 10 | AI score 7.3 | EPSS 0.01844
Exploits 14 | References 238
Positive Technologies (added 2025/06/03 12:00 a.m., 5 views)

PT-2025-23610

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the behavior of TarFile when extracting with a filter and TarFile.errorlevel = 0. The documented behavior is that any filtered members should be skipped and not extracted...

CVSS 9.4 | AI score 7 | EPSS 0.01437
Exploits 14 | References 220
Positive Technologies (added 2025/06/03 12:00 a.m., 6 views)

PT-2025-23609

Name of the Vulnerable Software and Affected Versions: Python versions 3.12 and later. Description: The issue allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory and the modification of some file metadata. This affects users who utilize the...

CVSS 9.4 | AI score 7.9 | EPSS 0.01844
Exploits 14 | References 177
Positive Technologies (added 2025/06/02 12:00 a.m., 7 views)

PT-2025-23611

Name of the Vulnerable Software and Affected Versions: Python versions 3.12 and later. Description: The issue allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data" when using the tarfile module to extract untrusted tar archives. This affects users o...

CVSS 9.7 | AI score 7.7 | EPSS 0.01844
Exploits 14 | References 211
OSV (added 2025/05/06 4:12 p.m., 3 views)

USN-7488-1 python vulnerabilities

It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected python2.7 and python3.4 on Ubuntu 14.04 LTS; python2.7 on Ubuntu 16.04 LTS; python2.7,...

CVSS 7.8 | AI score 7.1 | EPSS 0.02203
Exploits 2 | References 4
Amazon (added 2025/04/01 12:00 a.m., 6 views)

Medium: python-pip

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8 | AI score 7.1 | EPSS 0.27095
Exploits 4
Amazon (added 2025/04/01 12:00 a.m., 10 views)

Medium: python-pip

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8 | AI score 9.7 | EPSS 0.27095
Exploits 4
Amazon (added 2025/04/01 12:00 a.m., 7 views)

Medium: python3.11-pip

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8 | AI score 7.1 | EPSS 0.27095
Exploits 4
Amazon (added 2025/04/01 12:00 a.m., 6 views)

Medium: python38-pip

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8 | AI score 7.2 | EPSS 0.27095
Exploits 4
Amazon (added 2025/04/01 12:00 a.m., 6 views)

Medium: python-pip

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8 | AI score 7.2 | EPSS 0.27095
Exploits 4
Amazon (added 2025/04/01 12:00 a.m., 10 views)

Medium: python

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8 | AI score 7.2 | EPSS 0.27095
Exploits 4
Amazon (added 2025/04/01 12:00 a.m., 6 views)

Medium: python3

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8 | AI score 7.2 | EPSS 0.27095
Exploits 4
Amazon (added 2025/04/01 12:00 a.m., 9 views)

Medium: python3.11-pip

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8 | AI score 9.7 | EPSS 0.27095
Exploits 4
Tenable Nessus (added 2025/04/01 12:00 a.m., 34 views)

Amazon Linux 2 : python-pip (ALAS-2025-2814)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2814 advisory. Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence i...

CVSS 9.8 | AI score 7.8 | EPSS 0.27095
Exploits 3 | References 4
RedhatCVE (added 2025/03/22 11:44 a.m., 6 views)

CVE-2024-6829

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...

CVSS 9.1 | AI score 7.1 | EPSS 0.00754
Exploits 1 | References 1