Note: This article documents work performed with AI assistance (Claude Sonnet 4.6 via Claude Code), including the original bug analysis, the pre-submission review that prompted the path change, and the PR that was ultimately submitted. All technical claims are verified against the ONNX source tree and the public PR.

## The hook: a real bug that was never going to ship as an advisory

The bug was straightforward once I saw it. In `onnx/utils.py`, a helper function called `_tar_members_filter` uses a plain `str.startswith()` call to validate that a tar archive member lives inside the intended extraction directory:

```python
# onnx/utils.py (simplified)
import os

abs_base = os.path.abspath(base)
abs_member = os.path.abspath(member_path)
if not abs_member.startswith(abs_base):  # <-- no os.sep guard
    raise RuntimeError("traversal detected")
```

The problem is that `startswith` is a string operation, not a path operation.…
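To make the string-versus-path distinction concrete, here is an added example (not code from the ONNX project or from the article's PR) that puts the simplified prefix check next to a path-aware version using the `os.sep` guard the article alludes to. The function names, the `classify` helper and the sample member paths are constructed for this illustration; the point it shows is that a sibling directory whose name merely begins with the base name passes the prefix check but fails the path-aware one.

```python
import os


def naive_is_inside(base: str, member_path: str) -> bool:
    """The weak check as simplified in the article: a pure string prefix test.

    Any path whose *characters* begin with abs_base is accepted, including a
    sibling directory such as <base>-other/... (hypothetical helper name).
    """
    abs_base = os.path.abspath(base)
    abs_member = os.path.abspath(member_path)
    return abs_member.startswith(abs_base)


def hardened_is_inside(base: str, member_path: str) -> bool:
    """Path-aware check: accept the base directory itself, or anything whose
    prefix is the base followed by a path separator (the missing os.sep guard).
    os.path.abspath has already collapsed any '..' components, so a member that
    climbs out of base no longer starts with abs_base at all.
    """
    abs_base = os.path.abspath(base)
    abs_member = os.path.abspath(member_path)
    return abs_member == abs_base or abs_member.startswith(abs_base + os.sep)


def classify(base: str, members: list[str]) -> dict[str, tuple[bool, bool]]:
    """Run both checks over a list of member paths; returns
    {member: (naive_verdict, hardened_verdict)} so the two can be compared."""
    return {m: (naive_is_inside(base, m), hardened_is_inside(base, m)) for m in members}


# Constructed sample: a base directory and three archive members, all relative
# to the current working directory so the example runs anywhere.
SAMPLE_BASE = "extract"
SAMPLE_MEMBERS = [
    "extract/model.onnx",          # legitimately inside base
    "extract-other/payload",       # sibling dir sharing the name prefix
    "extract/../outside.txt",      # climbs out of base via '..'
]

if __name__ == "__main__":
    for member, (naive, hardened) in classify(SAMPLE_BASE, SAMPLE_MEMBERS).items():
        print(f"{member:<28} startswith={naive!s:<5} os.sep-guarded={hardened}")
```

The `..` member is rejected by both checks only because `abspath` normalises it first; the sibling-directory case is the one the prefix test alone cannot see. `os.path.commonpath([abs_base, abs_member]) == abs_base` is an equivalent component-wise formulation if you prefer not to hand-build the separator suffix.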