Known Vulnerabilities for products from Decompress Project
Listed below are 4 of the newest known vulnerabilities associated with the vendor "Decompress Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39246 json | decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When processing symlink entries (type ==... | Not Provided | 2026-07-09 | 2026-07-13 |
| CVE-2026-39245 json | decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write... | Not Provided | 2026-07-09 | 2026-07-13 |
| CVE-2026-39243 json | decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file ... | Not Provided | 2026-07-09 | 2026-07-13 |
| CVE-2020-12265 json | The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a sy... | 9.8 - CRITICAL | 2020-04-26 | 2021-07-21 |
Known software with vulnerabilities from Decompress Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Decompress Project | Decompress | 0.1.0 |