{
  "title": "pnpm Package-Manager Supply-Chain Advisory Batch",
  "summary": "pnpm disclosed a cluster of package-manager vulnerabilities affecting lockfile integrity, Git dependency fetching, repository registry configuration, patch application, and symlink creation; responders should inventory vulnerable pnpm versions and review credential-bearing install paths.",
  "date": "2026-06-27",
  "severity": "high",
  "tags": [
    "pnpm",
    "npm",
    "package-manager",
    "lockfile-integrity",
    "ci-cd"
  ],
  "sources_count": 8,
  "indicators": {
    "slug": "pnpm-package-manager-supply-chain-advisory-batch",
    "since": "2026-06-27T00:00:00Z",
    "until": "2026-06-27T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-48995",
      "CVE-2026-50573",
      "CVE-2026-50021",
      "CVE-2026-50014",
      "CVE-2026-50016",
      "CVE-2026-50017",
      "CVE-2026-50015",
      "CVE-2026-55180"
    ],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "resolution.commit",
      "codeload.github.com"
    ],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}