Astral-sh Tokio-tar

3 CVEs affecting Astral-sh Tokio-tar. Latest disclosed: 2026-03-20. Critical: 0, High: 1.

Top CVEs affecting Astral-sh Tokio-tar
CVESeverityScorePublishedSummary
CVE-2025-62518High8.12025-10-21astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability…
CVE-2026-327662026-03-20astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when pa…
CVE-2025-598252025-09-23astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside o…