Lucene search
+L

5 matches found

euvd
euvd
added 2026/06/26 10:53 p.m.10 views

EUVD-2026-39488

pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field...

6.8CVSS5.8AI score0.00126EPSS
Exploits1References2
euvd
euvd
added 2026/06/26 10:52 p.m.8 views

EUVD-2026-39489

pnpm: Unsafe default behavior breaks integrity check...

6.8CVSS5.8AI score0.00113EPSS
Exploits1References2
nvd
nvd
added 2026/06/25 6:16 p.m.10 views

CVE-2026-50021

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...

8.1CVSS0.00126EPSS
Exploits1References1
nvd
nvd
added 2026/06/25 6:16 p.m.10 views

CVE-2026-50573

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the...

8.1CVSS0.00113EPSS
Exploits1References1
cve
cve
added 2026/06/25 4:50 p.m.25 views

CVE-2026-50573

Summary: CVE-2026-50573 affects pnpm prior to 10.34.0 and 11.4.0. In non-frozen mode, when a locked package’s integrity conflicts with later registry content, pnpm may report an integrity mismatch but then perform a resolution repair, update the lockfile with the registry’s new integrity, and ins...

8.1CVSS5.9AI score0.00113EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder