Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/06/26 10:59 p.m.7 views

pnpm binds unscoped user-level npm auth credentials to a repository-selected registry

Summary pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped authToken. The repository does not provide a token-bearing auth line. It only...

6.9CVSS6AI score0.00254EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/26 10:59 p.m.6 views

EUVD-2026-39495

pnpm binds unscoped user-level npm auth credentials to a repository-selected registry...

6.9CVSS5.8AI score0.00254EPSS
Exploits1References2
NVD
NVD
added 2026/06/25 6:16 p.m.9 views

CVE-2026-50017

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped authToken. The repository does...

6.9CVSS0.00254EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 4:56 p.m.32 views

CVE-2026-50017 pnpm binds unscoped user-level npm auth credentials to a repository-selected registry

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped authToken. The repository does...

6.9CVSS0.00254EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 4:56 p.m.18 views

CVE-2026-50017

pnpm is affected prior to versions 10.34.0 and 11.4.0. In these versions, during normal metadata/install workflows, pnpm can bind user-level unscoped npm authentication credentials to a repository‑selected registry (as configured by a repository-local .npmrc) and transmit them in an Authorization...

6.9CVSS5.9AI score0.00254EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder