📦 Pnpm

This vulnerability in pnpm package manager allows malicious npm packages to bypass security controls and execute arbitrary code during installation. It affects all users running pnpm versions before 9...

This CVE describes a command injection vulnerability in pnpm package manager versions 6.25.0 through 10.26.2. Attackers who can control environment variables during pnpm operations can achieve remote ...

This CVE allows attackers to serve malicious code through HTTP tarball dependencies in pnpm packages. The lockfile fails to provide integrity verification, enabling different content to be delivered o...

This vulnerability in pnpm package manager versions 10.0.0 through 10.25 allows git-hosted dependencies to execute arbitrary code during installation. It bypasses pnpm v10's security feature that disa...

This vulnerability in pnpm allows attackers to create specially crafted tarballs that appear safe when inspected on npm registry or installed via npm, but execute malicious code when installed via pnp...

This vulnerability in pnpm (package manager) uses MD5 hashing for path shortening, which can cause collisions where two different libraries get stored in the same directory path. This affects develope...