Lucene search
K

322 matches found

RedhatCVE
RedhatCVE
added 6 days ago8 views

CVE-2026-59195

A flaw was found in pnpm, a package manager. A remote attacker could exploit a path traversal vulnerability by crafting a malicious pnpm-lock.yaml file. When a user installs dependencies from such a repository, pnpm incorrectly processes package names from the configDependencies section, leading ...

8.2CVSS6AI score0.00257EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 6 days ago8 views

CVE-2026-59194

A flaw was found in pnpm, a package manager. A remote attacker could exploit this vulnerability by providing a specially crafted patch entry. This crafted entry could resolve outside the configured patches directory, allowing for the deletion of an arbitrary file when pnpm patch-remove is execute...

7.1CVSS6AI score0.00257EPSS
Exploits1References4
OSV
OSV
added 2026/07/07 12:57 p.m.6 views

ROOT-APP-NPM-CVE-2026-50016 CVE-2026-50016 in @rootio/pnpm - Patched by Root

Root has patched CVE-2026-50016 in the @rootio/pnpm package for Root:npm. Multiple fixed versions available...

8.8CVSS5.9AI score0.00326EPSS
Exploits1
OSV
OSV
added 2026/07/07 12:57 p.m.6 views

ROOT-APP-NPM-CVE-2026-55487 CVE-2026-55487 in @rootio/pnpm - Patched by Root

Root has patched CVE-2026-55487 in the @rootio/pnpm package for Root:npm. Multiple fixed versions available...

8.8CVSS5.9AI score0.00118EPSS
Exploits1
OSV
OSV
added 2026/07/07 12:57 p.m.8 views

ROOT-APP-NPM-CVE-2026-55697 CVE-2026-55697 in @rootio/pnpm - Patched by Root

Root has patched CVE-2026-55697 in the @rootio/pnpm package for Root:npm. Multiple fixed versions available...

8.8CVSS5.9AI score0.00127EPSS
Exploits1
OSV
OSV
added 2026/07/07 12:57 p.m.8 views

ROOT-APP-NPM-GHSA-72R4-9C5J-MJ57 GHSA-72r4-9c5j-mj57 in @rootio/pnpm - Patched by Root

Root has patched GHSA-72r4-9c5j-mj57 in the @rootio/pnpm package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0
OSV
OSV
added 2026/07/07 12:57 p.m.8 views

ROOT-APP-NPM-CVE-2026-50015 CVE-2026-50015 in @rootio/pnpm - Patched by Root

Root has patched CVE-2026-50015 in the @rootio/pnpm package for Root:npm. Multiple fixed versions available...

7.3CVSS5.9AI score0.0027EPSS
Exploits1
OSV
OSV
added 2026/07/07 12:57 p.m.6 views

ROOT-APP-NPM-GHSA-FR4H-3CPH-29XV GHSA-fr4h-3cph-29xv in @rootio/pnpm - Patched by Root

Root has patched GHSA-fr4h-3cph-29xv in the @rootio/pnpm package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0
NVD
NVD
added 2026/07/06 4:16 p.m.10 views

CVE-2026-59195

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...

8.2CVSS0.00257EPSS
Exploits1References1
NVD
NVD
added 2026/07/06 4:16 p.m.7 views

CVE-2026-59194

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0...

7.1CVSS0.00257EPSS
Exploits1References1
NVD
NVD
added 2026/07/06 4:16 p.m.6 views

CVE-2026-59196

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...

7.1CVSS0.00262EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/07/06 3:21 p.m.35 views

CVE-2026-59195 pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...

8.2CVSS0.00257EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:21 p.m.4 views

CVE-2026-59195

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...

8.2CVSS6AI score0.00257EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/07/06 3:21 p.m.19 views

CVE-2026-59195

CVE-2026-59195 affects pnpm prior to versions 10.34.4 and 11.8.0. The issue arises when pnpm reads package names from the env lockfile’s configDependencies section and uses those names directly to create config dependency symlinks under node_modules/.pnpm-config. A crafted pnpm-lock.yaml with a t...

8.2CVSS6AI score0.00257EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/07/06 3:21 p.m.8 views

CVE-2026-59195 pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...

8.2CVSS6AI score0.00257EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:18 p.m.5 views

CVE-2026-59196

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...

7.1CVSS5.9AI score0.00262EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/07/06 3:18 p.m.5 views

EUVD-2026-41882

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...

7.1CVSS5.9AI score0.00262EPSS
Exploits1References1
CVE
CVE
added 2026/07/06 3:18 p.m.17 views

CVE-2026-59196

pnpm is vulnerable prior to versions 10.34.4 and 11.7.0 due to a crafted lockfile alias that can be joined under a hoisted node_modules directory, enabling traversal aliases to escape the directory and reserved aliases like .bin or .pnpm to overwrite pnpm-owned layout. The fixed versions are 10.3...

7.1CVSS5.9AI score0.00262EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/07/06 3:18 p.m.34 views

CVE-2026-59196 pnpm: hoisted install imports lockfile alias outside node_modules

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...

7.1CVSS0.00262EPSS
Exploits1References1
OSV
OSV
added 2026/07/06 3:18 p.m.4 views

CVE-2026-59196 pnpm: hoisted install imports lockfile alias outside node_modules

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...

7.1CVSS5.9AI score0.00262EPSS
Exploits1References3
Rows per page
Query Builder