[Git][security-tracker-team/security-tracker][master] Add new issues in pnpm, itp'ed

Tue, 27 Jan 2026 00:50:53 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
505d1f2a by Salvatore Bonaccorso at 2026-01-27T09:49:44+01:00
Add new issues in pnpm, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,19 +33,19 @@ CVE-2026-24408 (sigstore-python is a Python tool for 
generating and verifying Si
 CVE-2026-24400 (AssertJ provides Fluent testing assertions for Java and the 
Java Virtu ...)
        TODO: check
 CVE-2026-24131 (pnpm is a package manager. Prior to version 10.28.2, when pnpm 
process ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-24123 (BentoML is a Python library for building online serving 
systems optimi ...)
        NOT-FOR-US: BentoML
 CVE-2026-24056 (pnpm is a package manager. Prior to version 10.28.2, when pnpm 
install ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-24003 (EVerest is an EV charging software stack. In versions up to 
and includ ...)
        NOT-FOR-US: EVerest
 CVE-2026-23890 (pnpm is a package manager. Prior to version 10.28.1, a path 
traversal  ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-23889 (pnpm is a package manager. Prior to version 10.28.1, a path 
traversal  ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-23888 (pnpm is a package manager. Prior to version 10.28.1, a path 
traversal  ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-23683 (SAP Fiori App Intercompany Balance Reconciliation does not 
perform nec ...)
        NOT-FOR-US: SAP
 CVE-2026-22709 (vm2 is an open source vm/sandbox for Node.js. In vm2 prior to 
version  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/505d1f2a751e4f92080a1b57d3c48c96227b3ddb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/505d1f2a751e4f92080a1b57d3c48c96227b3ddb
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to