Package impact
Go / github.com/zarf-dev/zarf/src/pkg/archive
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-29064 | unknown | — | — | 3mo ago | Zarf's symlink targets in archives are not validated against destination directory in github.com/zarf-dev/zarf |