2 matches found
CVE-2026-50017
A flaw was found in pnpm, a package manager. This vulnerability allows pnpm to send user-level unscoped npm authentication credentials to a registry specified by a repository-local .npmrc file. During normal pnpm operations, the user's authentication token, intended for their default registry, ca...
CVE-2026-55699
A flaw was found in pnpm, a package manager. When a malicious package with specially crafted manifest bin object keys such as "." or ".." is installed globally, subsequent package management operations like removal, update, or replacement could lead to the deletion of critical directories. This...