Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/06/26 10:52 p.m.6 views

pnpm: Unsafe default behavior breaks integrity check

While it is unclear whether this should be classified as a vulnerability, it is being reported through this channel because the current behavior may represent an unsafe default. Summary pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarba...

8.1CVSS5.7AI score0.00113EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/26 10:52 p.m.6 views

EUVD-2026-39489

pnpm: Unsafe default behavior breaks integrity check...

6.8CVSS5.8AI score0.00113EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/25 4:50 p.m.29 views

CVE-2026-50573 pnpm: Unsafe default behavior breaks integrity check

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the...

6.8CVSS0.00113EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 4:50 p.m.17 views

CVE-2026-50573

Summary: CVE-2026-50573 affects pnpm prior to 10.34.0 and 11.4.0. In non-frozen mode, when a locked package’s integrity conflicts with later registry content, pnpm may report an integrity mismatch but then perform a resolution repair, update the lockfile with the registry’s new integrity, and ins...

8.1CVSS5.9AI score0.00113EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.17 views

PT-2026-52518

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description When running pnpm install in non-frozen mode, the package manager may accept new remote package content even after detecting that the downloaded tarball does not match th...

6.8CVSS5.8AI score0.00113EPSS
Exploits1References6
Rows per page
Query Builder