Find real vulnerabilities before they ship
Vulnerability Database › go › CVE-2025-0377
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.
Base Score