[Git][security-tracker-team/security-tracker][master] Add new issues for pnpm, itp'ed
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 25 21:19:24 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cf90d389 by Salvatore Bonaccorso at 2026-06-25T22:19:01+02:00
Add new issues for pnpm, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -186,19 +186,19 @@ CVE-2026-55892 (Vim is an open source, command line text editor. Prior to 9.2.06
NOTE: https://github.com/vim/vim/security/advisories/GHSA-qm9w-fmpj-879h
NOTE: Fixed by: https://github.com/vim/vim/commit/8325b193bba5f01e7a7d8241fc8633d93dff996b (v9.2.0662)
CVE-2026-55700 (pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm stage downl ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-55699 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin o ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-55698 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persi ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-55697 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can insta ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-55693 (Vim is an open source, command line text editor. Prior to 9.2.0653, th ...)
TODO: check
CVE-2026-55667 (File Browser is a file managing interface for uploading, deleting, pre ...)
NOT-FOR-US: File Browser
CVE-2026-55487 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic pe ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-55477 (3X-UI is a web control panel for managing Xray-core servers. Prior to ...)
NOT-FOR-US: 3X-UI
CVE-2026-55439 (Halo is an open source website building tool. Prior to 2.24.3, a path ...)
@@ -210,7 +210,7 @@ CVE-2026-55412 (ToolJet is the open-source foundation am AI-native platform for
CVE-2026-55411 (ToolJet is the open-source foundation am AI-native platform for buildi ...)
NOT-FOR-US: ToolJet
CVE-2026-55180 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacqu ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-55092 (Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an ...)
TODO: check
CVE-2026-54917 (SeaweedFS is a distributed storage system for object storage (S3), fil ...)
@@ -292,21 +292,21 @@ CVE-2026-54024 (LibreChat is an enhanced ChatGPT clone that supports multiple AI
CVE-2026-53925 (Glances is an open-source system cross-platform monitoring tool. From ...)
TODO: check
CVE-2026-50573 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-50549 (Cursor is a code editor built for programming with AI. Prior to 3.0, C ...)
NOT-FOR-US: Cursor
CVE-2026-50548 (Cursor is a code editor built for programming with AI. Prior to 3.0, C ...)
NOT-FOR-US: Cursor
CVE-2026-50021 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-50017 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-50016 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-50015 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch a ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-50014 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes th ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-4930 (SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA c ...)
NOT-FOR-US: Silicon Labs
CVE-2026-4526 (In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can tri ...)
@@ -318,7 +318,7 @@ CVE-2026-49506 (Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, conta
CVE-2026-49319 (Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing ...)
TODO: check
CVE-2026-48995 (pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious co ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-48946 (The K2 frontend article-attachment upload path accepts files whose ext ...)
NOT-FOR-US: Joomla
CVE-2026-48945 (The K2 article gallery upload path accepts a zip/tar archive, extracts ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf90d3890e6ffffa0551030c896bfec2be104ea0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf90d3890e6ffffa0551030c896bfec2be104ea0
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260625/6a6f3f7e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list