Lucene search

9 matches found

SUSE CVE
added 2026/01/28 12:24 a.m., 6 views

SUSE CVE-2026-24056

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

6.7 CVSS, 5.9 AI score, 0.00014 EPSS
Exploits: 1, References: 3
AlpineLinux
added 2026/01/26 9:59 p.m., 4 views

CVE-2026-24056

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

6.7 CVSS, 5.9 AI score, 0.00014 EPSS
Exploits: 1
ATTACKERKB
added 2026/01/26 9:59 p.m., 4 views

CVE-2026-24056

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

6.7 CVSS, 5.9 AI score, 0.00014 EPSS
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/01/26 9:2 p.m., 5 views

GHSA-M733-5W8F-5GGW pnpm has symlink traversal in file:/git dependencies

Summary When pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd, /.ssh/idrsa causes pnpm to copy that file's contents...

6.7 CVSS, 6.1 AI score, 0.00014 EPSS
Exploits: 1, References: 5
OSSF Malicious Packages
added 2025/09/05 5:55 a.m., 3 views

Malicious code in file-dependency (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis db9d9ac2b90c17d04ff56afe81a886e99665eb55048e7cc7c9a3f0b1855db828 The OpenSSF Package Analysis project identified 'file-dependency' @ 7.0.1 npm as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits: 0
OSV
added 2025/09/05 5:55 a.m., 2 views

MAL-2025-42147 Malicious code in file-dependency (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis db9d9ac2b90c17d04ff56afe81a886e99665eb55048e7cc7c9a3f0b1855db828 The OpenSSF Package Analysis project identified 'file-dependency' @ 7.0.1 npm as malicious. It is considered malicious because: - The package...

7.2 AI score
Exploits: 0
RedhatCVE
added 2024/12/05 9:13 a.m., 20 views

CVE-2024-54661

A flaw was found in the readline.sh script of Socat through version 1.8.0.1. This vulnerability can allow attackers to exploit improper use of a predictable temporary file...

5.3 CVSS, 6.5 AI score, 0.00164 EPSS
Exploits: 0, References: 5
Cvelist
added 2024/12/04 12:0 a.m., 14 views

CVE-2024-54661

readline.sh in socat before 1.8.0.2 relies on the /tmp/$USER/stderr2 file...

0.00164 EPSS
Exploits: 0, References: 2
Microsoft KB
added 2020/04/20 12:0 a.m., 4 views

Description of the Office Online update: April 12, 2011

Description of the Office Online update: April 12, 2011 INTRODUCTION Microsoft has released an update for Microsoft Office Online. This update provides the latest fixes for Office Online. Additionally, this update contains stability and performance improvements. This article describes a critical...

6.5 AI score
Exploits: 0