Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AC:H because exploitation needs both lockfile modification and control of registry-served content; PR:L for the repository/lockfile write access required; I:H/C:H from arbitrary tampered-package execution, A:N as availability is not the direct impact.
Primary rating from Vendor (GitHub_M).
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Description (NVD)
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL to serve altered package content, pnpm install --frozen-lockfile can install the altered package without an integrity error. npm's npm ci enforces integrity by default; pnpm's behavior of silently skipping verification is a pnpm-specific fail-open gap. This vulnerability is fixed in 10.34.0 and 11.4.0.
Analysis (AI)
Integrity-check bypass in the pnpm package manager (versions before 10.34.0/10.34.1 and 11.0.0-11.3.x) lets tampered packages install silently because the tarball extraction worker skips hash verification whenever the lockfile resolution has no integrity field. An attacker who can both edit pnpm-lock.yaml to drop the integrity: line and cause the referenced registry URL to serve altered content can push a malicious package through pnpm install --frozen-lockfile without any integrity error - a fail-open gap that npm's npm ci does not share. …
Vulnerability Assessment (AI)

| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires two concrete, simultaneous prerequisites: (1) the attacker must be able to modify `pnpm-lock.yaml` to delete the `integrity:` field from a remote tarball resolution (e.g., via repository write access, a merged pull request, or a compromised developer), and (2) the attacker must control the content served at that package's registry URL so the altered tarball is delivered (registry compromise, malicious proxy/mirror, or MITM). … |
| Risk Assessment | Signals point to a genuine but conditional supply-chain risk rather than a mass-exploitation emergency. … |
| Exploit Scenario | An attacker submits or sneaks a change into a project's `pnpm-lock.yaml` that removes the `integrity:` line for a chosen dependency, then arranges for that dependency's registry URL to return a backdoored tarball (e.g., via registry compromise, a malicious proxy, or man-in-the-middle on an unverified path). When CI runs `pnpm install --frozen-lockfile`, pnpm skips hash verification, installs the tampered package, and the malicious postinstall/runtime code executes in the build or deployment environment. … |
| Remediation | Vendor-released patch: upgrade to pnpm 10.34.1 (10.x line; the advisory also lists 10.34.0 as the fix) or 11.4.0 (11.x line), per GHSA-q6j5-fjx5-2mc3 (https://github.com/pnpm/pnpm/security/advisories/GHSA-q6j5-fjx5-2mc3). … |
Recommended Action (AI)

24 hours: Identify all pnpm installations and current versions across development and CI/CD environments. …
EUVD-2026-39488
GHSA-q6j5-fjx5-2mc3