CVE-2026-32719 AnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin Import

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts i...

EUVD-2018-0219

Malicious code in bioql PyPI...

K64709522: Multiple Zip Slip vulnerabilities

Security Advisory Description CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

Directory Traversal

adm-zip is vulnerable to directory traversal. The vulnerability exists due to the function extractAllTo allowing the extractions of files to a different folder...

Arbitrary File Write

Overview Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.4.9 or later. References - GitHub Pull Request - Zip Slip...

Arbitrary File Write via Archive Extraction

Overview Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.4.9 or later. References - GitHub Pull Request - Zip Slip...

@lowzonenose/jsonp (>=0.0.1 <=0.0.3), @magnolia/cli (>=3.0.5 <=3.0.6) +184 more potentially affected by CVE-2018-1002204 via adm-zip (>=0.1.4 <=0.4.10)

adm-zip NPM version =0.1.4, =0.0.1, =3.0.5, =0.4.0, =0.1.3, =0.0.2, =0.0.4, =0.0.9, =0.10.0, =0.3.5, =1.0.13, =0.4.0, =0.1.0, =0.1.1 - attester =2.5.3 and more Source cves: CVE-2018-1002204 Source advisory: OSV:GHSA-3V6H-HQM4-2RG6...

Arbitrary File Write in adm-zip

Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.4.9 or later...

GHSA-3V6H-HQM4-2RG6 Arbitrary File Write in adm-zip

Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.4.9 or later...

ADM-ZIP Directory Traversal Vulnerability

adm-zip npm library is a Node.js-based JavaScript implementation that allows users to create, extract zip files in memory or on disk. A directory traversal vulnerability exists in versions of adm-zip npm library prior to 0.4.9. An attacker can exploit this vulnerability to write arbitrary files...

Directory traversal

adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVE-2018-1002204

CVE-2018-1002204 affects the adm-zip npm library prior to version 0.4.9. The vulnerability allows directory traversal during ZIP extraction via ../ path segments, enabling an attacker to write arbitrary files on the target system (Zip-Slip). Public references note the remediation: upgrade to 0.4....

Arbitrary File Write

adm-zip is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...

Node.js third-party modules: Arbitrary File Write Through Archive Extraction

I would like to report arbitrary file write vulnerability in adm-zip module It allows attackers to write arbitrary files when a malicious archive is extracted. More info here: https://snyk.io/research/zip-slip-vulnerability https://github.com/snyk/zip-slip-vulnerabilityaffected-libraries Module...