Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

Cvelist
Cvelistadded 2026/01/26 9:53 p.m.18 views

CVE-2026-23890 pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

6.5CVSS0.00438EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/01/26 12:0 a.m.12 views

pnpm security vulnerabilities

PNPM is a package manager developed by the open-source project Pnpm. Versions of Pnpm prior to 10.28.1 contained security vulnerabilities. These vulnerabilities were caused by path traversal in binary links, which could allow malicious npm packages to create executable files or symbolic links...

6.5CVSS5.8AI score0.00438EPSS
Exploits1References3
Rows per page
Query Builder