nodejs
nodejs
- CVE-2026-50015 - pnpm malicious patch path traversal
- CVE-2026-55487 - pnpm allowBuilds identity spoof
- CVE-2026-55697 - pnpm global bin name traversal
- CVE-2026-55698 - pnpm env lockfile short-circuit
- CVE-2026-55700 - pnpm stage download symlink traversal
- GHSA-72r4-9c5j-mj57 - pnpm better-node-range CPU exhaustion
- GHSA-fr4h-3cph-29xv - pnpm protocol specifier bypass
- GHSA-qrv3-253h-g69c - pnpm configDependencies symlink traversal
- CVE-2026-6734 - undici Socks5ProxyAgent cross-origin pool confusion
- CVE-2026-6734 - undici Socks5ProxyAgent cross-origin pool reuse
- CVE-2026-48068 - grpc-js malformed request server crash
- CVE-2026-48069 - grpc-js malformed compressed message crash
- CVE-2026-6321 - fast-uri encoded path traversal
- CVE-2026-10796 - nvm mirror version command injection
- CVE-2026-41680 - marked tokenizer OOM denial of service
- CVE-2026-41242 - protobufjs generated-code RCE