# unzip 6.0

Snapshot of gominimal/pkgs commit `cd4b09dd2f492c47fba70eb1b8a8c724dabdc7e9` (pushed 2026-07-10T23:16:55.000Z).

## Install

```sh
min add unzip
```

## Direct advisories

| ID | Severity | CVSS | Fix status | Fixed version | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2021-4217 | LOW | 3.3 | unknown_fix | — | A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. |

## Transitive advisories

5 advisories inherited through runtime dependencies:

- CVE-2026-4046 (HIGH) via glibc
- CVE-2026-4437 (HIGH) via glibc
- CVE-2026-4438 (MEDIUM) via glibc
- CVE-2026-5450 (CRITICAL) via glibc
- CVE-2026-5928 (HIGH) via glibc

## Dependencies

- Build (4): base, make, patch, toolchain
- Runtime (1): glibc

## Links

- Package page (HTML): https://minimal.dev/pkgs/unzip
- JSON API (floats latest): https://minimal.dev/api/pkgs/unzip.json
- SBOM (CycloneDX 1.5): https://minimal.dev/api/pkgs/unzip/sbom.json
