Search for packages
| purl | pkg:npm/pnpm@0.65.4 |
| Next non-vulnerable version | 10.28.2 |
| Latest non-vulnerable version | 11.0.0-alpha.0 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5p8u-1r5s-6qbz
Aliases: CVE-2026-23888 GHSA-6pfh-p556-v868 |
pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip) A path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: (1) Malicious ZIP entries containing `../` or absolute paths that escape the extraction root via AdmZip's `extractAllTo`, and (2) The `BinaryResolution.prefix` field is concatenated into the extraction path without validation, allowing a crafted prefix like `../../evil` to redirect extracted files outside `targetDir`. |
Affected by 2 other vulnerabilities. |
|
VCID-5yt8-uzxj-vub4
Aliases: CVE-2026-23890 GHSA-xpqm-wm3m-f34h |
pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin A path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of `node_modules/.bin`. Bin names starting with `@` bypass validation, and after scope normalization, path traversal sequences like `../../` remain intact. |
Affected by 2 other vulnerabilities. |
|
VCID-78bz-kqa9-uuft
Aliases: CVE-2026-24056 GHSA-m733-5w8f-5ggw |
pnpm has symlink traversal in file:/git dependencies When pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) causes pnpm to copy that file's contents into `node_modules`, leaking local data. **Preconditions:** Only affects `file:` and `git:` dependencies. Registry packages (npm) have symlinks stripped during publish and are NOT affected. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-8bcw-h9nr-wffw
Aliases: CVE-2024-47829 GHSA-8cc4-rfj6-fhg4 |
pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting The path shortening function is used in pnpm: ``` export function depPathToFilename (depPath: string, maxLengthWithoutHash: number): string { let filename = depPathToFilenameUnescaped(depPath).replace(/[\\/:*?"<>|]/g, '+') if (filename.includes('(')) { filename = filename .replace(/\)$/, '') .replace(/(\)\()|\(|\)/g, '_') } if (filename.length > maxLengthWithoutHash || filename !== filename.toLowerCase() && !filename.startsWith('file+')) { return `${filename.substring(0, maxLengthWithoutHash - 27)}_${createBase32Hash(filename)}` } return filename } ``` However, it uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name /node_modoules/, there are no version numbers for the libraries they refer to.  In the diagram, we assume that two packages are called packageA and packageB, and that the first 90 digits of their package names must be the same, and that the hash value of the package names with versions must be the same. Then C is the package that they both reference, but with a different version number. (npm allows package names up to 214 bytes, so constructing such a collision package name is obvious.) Then hash(packageA@1.2.3)=hash(packageB@3.4.5). This results in the same path for the installation, and thus under the same directory. Although the package names under node_modoules are the full paths again, they are shared with C. What is the exact version number of C? In our local tests, it depends on which one is installed later. If packageB is installed later, the C version number will change to 2.0.0. At this time, although package A requires the C@1.0.0 version, package. json will only work during installation, and will not affect the actual operation. We did not receive any installation error issues from pnpm during our local testing, nor did we use force, which is clearly a case that can be triggered. For a package with a package name + version number longer than 120, another package can be constructed to introduce an indirect reference to a lower version, such as one with some known vulnerability. Alternatively, it is possible to construct two packages with more than 120 package names + version numbers. This is clearly an advantage for those intent on carrying out supply chain attacks. The solution: The repair cost is also very low, just need to upgrade the md5 function to sha256. |
Affected by 8 other vulnerabilities. |
|
VCID-91bz-7gcc-qfh6
Aliases: CVE-2022-26183 GHSA-9m87-6fj3-c5xh |
Untrusted Search Path PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS. |
Affected by 9 other vulnerabilities. |
|
VCID-9yxm-kuxe-zbgg
Aliases: CVE-2025-69263 GHSA-7vhp-vf5g-r2fw |
pnpm Has Lockfile Integrity Bypass that Allows Remote Dynamic Dependencies HTTP tarball dependencies (and git-hosted tarballs) are stored in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. |
Affected by 6 other vulnerabilities. |
|
VCID-f6mh-kk89-8fh6
Aliases: CVE-2026-24131 GHSA-v253-rj99-jwpq |
pnpm has Path Traversal via arbitrary file permission modification When pnpm processes a package's `directories.bin` field, it uses `path.join()` without validating the result stays within the package root. A malicious npm package can specify `"directories": {"bin": "../../../../tmp"}` to escape the package directory, causing pnpm to chmod 755 files at arbitrary locations. **Note:** Only affects Unix/Linux/macOS. Windows is not affected (`fixBin` gated by `EXECUTABLE_SHEBANG_SUPPORTED`). |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-f9mq-9k4v-dbaj
Aliases: CVE-2024-53866 GHSA-vm32-9rqf-rh3r |
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion pnpm seems to mishandle overrides and global cache: 1. Overrides from one workspace leak into npm metadata saved in global cache 2. npm metadata from global cache affects other workspaces 3. installs by default don't revalidate the data (including on first lockfile generation) This can make workspace A (even running with `ignore-scripts=true`) posion global cache and execute scripts in workspace B Users generally expect `ignore-scripts` to be sufficient to prevent immediate code execution on install (e.g. when the tree is just repacked/bundled without executing it). Here, that expectation is broken |
Affected by 8 other vulnerabilities. |
|
VCID-q8ww-9xsn-mbhb
Aliases: CVE-2023-37478 GHSA-5r98-f33j-g8h7 |
pnpm incorrectly parses tar archives relative to specification pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via npm being replaced with a compromised or malicious version when installed via pnpm. This issue has been patched in version(s) 7.33.4 and 8.6.8. |
Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-txar-vsfq-9qeq
Aliases: CVE-2026-23889 GHSA-6x96-7vc8-cm3p |
pnpm has Windows-specific tarball Path Traversal A path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for `./` but not `.\`. On Windows, backslashes are directory separators, enabling path traversal. **This vulnerability is Windows-only.** |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||