[Git][security-tracker-team/security-tracker][master] Add new issues in pnpm, itp'ed

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 27 08:50:08 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
505d1f2a by Salvatore Bonaccorso at 2026-01-27T09:49:44+01:00
Add new issues in pnpm, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,19 +33,19 @@ CVE-2026-24408 (sigstore-python is a Python tool for generating and verifying Si
 CVE-2026-24400 (AssertJ provides Fluent testing assertions for Java and the Java Virtu ...)
 	TODO: check
 CVE-2026-24131 (pnpm is a package manager. Prior to version 10.28.2, when pnpm process ...)
-	TODO: check
+	- pnpm <itp> (bug #985669)
 CVE-2026-24123 (BentoML is a Python library for building online serving systems optimi ...)
 	NOT-FOR-US: BentoML
 CVE-2026-24056 (pnpm is a package manager. Prior to version 10.28.2, when pnpm install ...)
-	TODO: check
+	- pnpm <itp> (bug #985669)
 CVE-2026-24003 (EVerest is an EV charging software stack. In versions up to and includ ...)
 	NOT-FOR-US: EVerest
 CVE-2026-23890 (pnpm is a package manager. Prior to version 10.28.1, a path traversal  ...)
-	TODO: check
+	- pnpm <itp> (bug #985669)
 CVE-2026-23889 (pnpm is a package manager. Prior to version 10.28.1, a path traversal  ...)
-	TODO: check
+	- pnpm <itp> (bug #985669)
 CVE-2026-23888 (pnpm is a package manager. Prior to version 10.28.1, a path traversal  ...)
-	TODO: check
+	- pnpm <itp> (bug #985669)
 CVE-2026-23683 (SAP Fiori App Intercompany Balance Reconciliation does not perform nec ...)
 	NOT-FOR-US: SAP
 CVE-2026-22709 (vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/505d1f2a751e4f92080a1b57d3c48c96227b3ddb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/505d1f2a751e4f92080a1b57d3c48c96227b3ddb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260127/23368c5e/attachment.htm>

More information about the debian-security-tracker-commits mailing list