Extracting archives made easy
90%
Total Score
100
100
100
100
50
| Title | Versions | Severity |
|---|---|---|
CVE-2026-53486 @xhmikosr/decompress is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in versions 0.0.0 - 10.2.1 and 11.0.0 - 11.1.3. | 0.0.0 - 10.2.111.0.0 - 11.1.3 | Critical |
| Dependency | Last Release | Score |
|---|---|---|
strip-dirs Version ^3.0.0 | — | — |
graceful-fs Version ^4.2.11 | — | — |
@xhmikosr/decompress-tar Version ^9.0.1 | — | — |
@xhmikosr/decompress-targz Version ^9.0.1 | — | — |
@xhmikosr/decompress-unzip Version ^8.1.1 | — | — |
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant