Fast, disk space efficient package manager
96%
Total Score
100
91
91
100
100
| Title | Versions | Severity |
|---|---|---|
CVE-2026-50015 pnpm is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in versions 0.0.0 - 10.34.0 and 11.0.0 - 11.4.0. | 0.0.0 - 10.34.011.0.0 - 11.4.0 | High |
CVE-2026-50017 pnpm is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in versions 0.0.0 - 10.34.0 and 11.0.0 - 11.4.0. | 0.0.0 - 10.34.011.0.0 - 11.4.0 | Medium |
CVE-2026-50016 pnpm is vulnerable to Relative Path Traversal in versions 0.0.0 - 10.34.0 and 11.0.0 - 11.4.0. | 0.0.0 - 10.34.011.0.0 - 11.4.0 | High |
CVE-2026-50014 pnpm is vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in versions 0.0.0 - 10.34.0 and 11.0.0 - 11.4.0. | 0.0.0 - 10.34.011.0.0 - 11.4.0 | Medium |
CVE-2026-50021 pnpm is vulnerable to Improper Validation of Integrity Check Value in versions 11.0.0 - 11.4.0 and 0.0.0 - 10.34.1. | 0.0.0 - 10.34.111.0.0 - 11.4.0 | Medium |
| Dependency | Last Release | Score |
|---|---|---|
node-gyp Version ^12.3.0 | — | — |
@reflink/reflink Version 0.1.19 | — | — |
v8-compile-cache Version 2.4.0 | — | — |
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant