Lucene search
+L

7 matches found

nessus
nessus
added 2026/07/06 12:0 a.m.6 views

pnpm < 10.34.0 / 11.x < 11.4.0 Multiple Vulnerabilities

The version of pnpm installed on the remote host is prior to 10.34.0, or 11.x prior to 11.4.0. It is, therefore, affected by multiple vulnerabilities: - pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses tha...

8.8CVSS6.2AI score0.00326EPSS
Exploits2References4
euvd
euvd
added 2026/06/26 10:55 p.m.9 views

EUVD-2026-39494

pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement...

8.8CVSS5.8AI score0.00326EPSS
Exploits1References2
nvd
nvd
added 2026/06/25 6:16 p.m.10 views

CVE-2026-50016

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can...

8.8CVSS0.00326EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/06/25 4:53 p.m.5 views

CVE-2026-50016

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can...

8.8CVSS5.9AI score0.00326EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/06/25 4:53 p.m.33 views

CVE-2026-50016 pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can...

8.8CVSS0.00326EPSS
Exploits1References1
cve
cve
added 2026/06/25 4:53 p.m.25 views

CVE-2026-50016

pnpm (the package manager) is affected by CVE-2026-50016. Before versions 10.34.0 and 11.4.0, a transitive dependency alias from registry metadata could include path traversal segments. During install, pnpm may treat that alias as a filesystem path when linking dependency nodes, allowing a regist...

8.8CVSS5.9AI score0.00326EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.14 views

PT-2026-52515

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description pnpm allows a transitive dependency alias within registry package metadata to include path traversal segments. During the installation process, pnpm utilizes this alias a...

8.8CVSS5.8AI score0.00326EPSS
Exploits1References9
Rows per page
Query Builder