{"id":"GO-2025-3581","summary":"github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","details":"github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","aliases":["CVE-2025-64346","GHSA-j95m-rcjp-q69h"],"modified":"2026-03-03T04:56:28.495365Z","published":"2025-04-01T21:39:57Z","database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3581"},"references":[{"type":"ADVISORY","url":"https://github.com/jaredallard/archives/security/advisories/GHSA-j95m-rcjp-q69h"}],"affected":[{"package":{"name":"github.com/jaredallard/archives","ecosystem":"Go","purl":"pkg:golang/github.com/jaredallard/archives"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.0.1"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3581.json"}}],"schema_version":"1.7.3"}