CVE-2026-15921
The CVE-2026-15921 issue affects Node Version Manager (nvm) up to v0.40.5, where nvm ls-remote and similar commands parse the mirror index.tab and use each LTS codename as an alias filename without validation. A malicious mirror can return path-traversal codenames (e.g., ../../../.bashrc), causin...