CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

SUSE CVE•added 2026/01/28 12:24 a.m.•2 views

SUSE CVE-2026-23888

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: 1 Malicious ZIP entries containing ../ or absolute paths that...

6.5CVSS5.9AI score0.0002EPSS

Exploits1References3

RedhatCVE•added 2026/01/27 4:59 a.m.•1 views

CVE-2026-23888

A flaw was found in pnpm, a package manager. A path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. This can occur through malicious ZIP entries containing directory traversal sequences ../ or absolute paths, or ...

6.5CVSS6.4AI score0.0002EPSS

Exploits1References6

NVD•added 2026/01/26 10:15 p.m.•4 views

CVE-2026-23888

6.5CVSS0.0002EPSS

Exploits1References3

CVE•added 2026/01/26 9:37 p.m.•6 views

CVE-2026-23888

CVE-2026-23888 concerns pnpm, a package manager. The vulnerability is a path traversal flaw in pnpm’s binary fetcher, enabling writes outside the extraction directory via two vectors: (1) malicious ZIP entries with directory traversal or absolute paths using AdmZip’s extractAllTo, and (2) an unva...

6.5CVSS5.9AI score0.0002EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/01/26 9:37 p.m.•2 views

CVE-2026-23888 pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)

6.5CVSS5.9AI score0.0002EPSS

Exploits1References3

Cvelist•added 2026/01/26 9:37 p.m.•21 views

CVE-2026-23888 pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)

6.5CVSS0.0002EPSS

Exploits1References3

EUVD•added 2026/01/26 9:37 p.m.•2 views

EUVD-2026-4655

6.5CVSS5.9AI score0.0002EPSS

Exploits1References3

AlpineLinux•added 2026/01/26 9:37 p.m.•2 views

CVE-2026-23888

6.5CVSS5.9AI score0.0002EPSS

Exploits1

OSV•added 2026/01/26 9:37 p.m.•3 views

CVE-2026-23888 pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)

6.5CVSS5.9AI score0.0002EPSS

Exploits1References5

ATTACKERKB•added 2026/01/26 9:37 p.m.•3 views

CVE-2026-23888

6.5CVSS5.9AI score0.0002EPSS

Exploits1References4Affected Software1

Github Security Blog•added 2026/01/26 9:2 p.m.•6 views

pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)

Summary A path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: 1 Malicious ZIP entries containing ../ or absolute paths that escape the extraction root via AdmZip's...

6.5CVSS5.9AI score0.0002EPSS

Exploits1References5Affected Software1

OSV•added 2026/01/26 9:2 p.m.•3 views

GHSA-6PFH-P556-V868 pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)

6.5CVSS5.9AI score0.0002EPSS

Exploits1References5

Positive Technologies•added 2026/01/17 12:0 a.m.•3 views

PT-2026-4822

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.28.1 Description pnpm, a package manager, contains a flaw in its binary fetcher that permits malicious packages to write files outside the designated extraction directory. This issue arises from two attack vectors:...

7.8CVSS5.9AI score0.0002EPSS

Exploits1References13

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by