Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Tag: pnpm Clear
ID Title
CVE-2026-59196 Path Traversal in pnpm (CVE-2026-59196)
path traversal in pnpm (CVE-2026-59196). Data can be tampered with by attackers. Mitigation: upgrade to `10.34.4` or later.
CVE-2026-59195 Path Traversal in pnpm (CVE-2026-59195)
path traversal in pnpm (CVE-2026-59195). Data can be tampered with by attackers. Mitigation: upgrade to `10.34.4` or later.
CVE-2026-59194 Path Traversal in pnpm (CVE-2026-59194)
path traversal in pnpm (CVE-2026-59194). Data can be tampered with by attackers. Mitigation: upgrade to `10.34.4` or later.
CVE-2026-55700 Path Traversal in pnpm (CVE-2026-55700)
path traversal in pnpm (CVE-2026-55700). Data can be tampered with by attackers. Exploitable via ``main``. Mitigation: upgrade to `11.5.3` or later.
CVE-2026-55699 Path Traversal in pnpm (CVE-2026-55699)
path traversal in pnpm (CVE-2026-55699). Risk of unauthorized operations or information disclosure. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
CVE-2026-55698 Vulnerability in pnpm (CVE-2026-55698)
vulnerability in pnpm (CVE-2026-55698). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
CVE-2026-55697 OS Command Injection in pnpm (CVE-2026-55697)
OS command injection in pnpm (CVE-2026-55697). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
CVE-2026-55487 Vulnerability in pnpm (CVE-2026-55487)
vulnerability in pnpm (CVE-2026-55487). Successful exploitation can lead to full system takeover. Exploitable via ``bf1b731ee6``. Mitigation: upgrade to `10.34.2` or later.
CVE-2026-55180 Information Disclosure in pnpm (CVE-2026-55180)
vulnerability in pnpm (CVE-2026-55180). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `11.5.3` or later.
CVE-2026-50015 Path Traversal in pnpm (CVE-2026-50015)
path traversal in pnpm (CVE-2026-50015). Data can be tampered with by attackers. Exploitable via ``patchedDependencies``. Mitigation: upgrade to `11.4.0` or later.
CVE-2026-50017 Information Disclosure in pnpm (CVE-2026-50017)
vulnerability in pnpm (CVE-2026-50017). Confidential information can be exposed externally. Exploitable via ``_authToken``. Mitigation: upgrade to `11.4.0` or later.
CVE-2026-50016 Vulnerability in pnpm (CVE-2026-50016)
vulnerability in pnpm (CVE-2026-50016). Successful exploitation can lead to full system takeover. Exploitable via ``node_modules``. Mitigation: upgrade to `11.4.0` or later.
CVE-2026-48995 Vulnerability in pnpm (CVE-2026-48995)
vulnerability in pnpm (CVE-2026-48995). Successful exploitation can lead to full system takeover. Exploitable via ``codeload.github.com``. Mitigation: upgrade to `11.0.7` or later.
CVE-2025-69262 pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings....
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code E...
CVE-2025-69264 Vulnerability in pnpm (CVE-2025-69264)
vulnerability in pnpm (CVE-2025-69264). Successful exploitation can lead to full system takeover.
CVE-2025-69263 pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve differe...
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package w...
CVE-2024-53866 Vulnerability in pnpm (CVE-2024-53866)
vulnerability in pnpm (CVE-2024-53866). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →