CVE-2026-10732

The CVE-2026-10732 entry affects the npm package decompress . It describes Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP with two entries sharing a path, where the first is a symlink to an arbitrary target and the second is a regular file. The file content can be wr...

EUVD-2020-1238

Malware in sbrugna...

CVE-2020-12265

The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...

GHSA-QGFR-5HQP-VRW9 Path Traversal in decompress

Versions of decompress prior to 4.2.1 are vulnerable to Arbitrary File Write. The package fails to prevent extraction of files with relative paths, allowing attackers to write to any folder in the system by including filenames containing../. Recommendation Upgrade to version 4.2.1 or later...

decompress package path traversal vulnerability

decompress package is a decompression package. A path traversal vulnerability exists in decompress package versions prior to 4.2.1 Node.js. This vulnerability can be exploited to write arbitrary files with the help of the '... /' string to write arbitrary files...

Directory traversal

The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...

CVE-2020-12265

The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...