Package impact
Go / github.com/zarf-dev/zarf
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40090 | unknown | — | — | 2mo ago | Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write | |||
| CVE-2026-29064 | unknown | — | — | 3mo ago | Zarf's symlink targets in archives are not validated against destination directory in github.com/zarf-dev/zarf |