Filtered by vendor Pnpm Subscriptions
Filtered by product Pnpm Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-37478 1 Pnpm 1 Pnpm 2024-11-21 7.5 High
pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via npm being replaced with a compromised or malicious version when installed via pnpm. This issue has been patched in version(s) 7.33.4 and 8.6.8.
CVE-2022-26183 2 Microsoft, Pnpm 2 Windows, Pnpm 2024-11-21 8.8 High
PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS.