pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses `path.join()

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: (directory) or git: dependency, it follows sym

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm pac

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's tarball extraction allows malicious

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary fetcher allows malicious pack

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable

pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm insta

pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile wi

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compre

The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak

pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, b

PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected way