Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

99 advisories

Loading
pnpm: Repository-controlled configDependencies can select a pacquet native install engine High
CVE-2026-55697 was published for pnpm (npm) Jun 26, 2026
sondt99 Credited to sondt99 and dungNHVhust dungNHVhust dungNHVhust
stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment High
GHSA-w7pm-9g55-mxfm was published for stigmem-node (pip) May 29, 2026
apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible) High
CVE-2026-42575 was published for chainguard.dev/apko (Go) May 4, 2026
1seal Credited to 1seal and antitree antitree antitree
ZeroXJacks Credited to ZeroXJacks
pnpm Has Lockfile Integrity Bypass that Allows Remote Dynamic Dependencies High
CVE-2025-69263 was published for pnpm (npm) Jan 7, 2026
orenyomtov Credited to orenyomtov
ProTip! Advisories are also available from the GraphQL API