Lucene search
K

5 matches found

EUVD
EUVD
added 2026/06/26 10:59 p.m.6 views

EUVD-2026-39495

pnpm binds unscoped user-level npm auth credentials to a repository-selected registry...

6.9CVSS5.8AI score0.00254EPSS
Exploits1References2
NVD
NVD
added 2026/06/25 6:16 p.m.9 views

CVE-2026-50017

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped authToken. The repository does...

6.9CVSS0.00254EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 4:56 p.m.32 views

CVE-2026-50017 pnpm binds unscoped user-level npm auth credentials to a repository-selected registry

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped authToken. The repository does...

6.9CVSS0.00254EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 4:56 p.m.14 views

CVE-2026-50017

pnpm is affected prior to versions 10.34.0 and 11.4.0. In these versions, during normal metadata/install workflows, pnpm can bind user-level unscoped npm authentication credentials to a repository‑selected registry (as configured by a repository-local .npmrc) and transmit them in an Authorization...

6.9CVSS5.9AI score0.00254EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52516

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description pnpm may send user-level unscoped npm authentication credentials to a registry specified in a repository-local .npmrc file. This occurs when a user's global configuration...

6.9CVSS5.8AI score0.00254EPSS
Exploits1References7
Rows per page
Query Builder