Description
pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if this server was compromised or a person's machine configuration was compromised, pnpm would download and install these dependencies. This vulnerability is fixed in 10.33.4 and 11.0.7.
Published: 2026-06-25
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability exists in pnpm’s lockfile handling: it does not record the hash for tarball dependencies retrieved from codeload.github.com. If that host is compromised or a user’s network configuration is manipulated, pnpm will download and install an arbitrary tarball without verifying integrity, which can execute malicious code during installation. The weakness involves missing hash verification (CWE‑353) and insecure use of a downloaded package (CWE‑494).

Affected Systems

pnpm versions earlier than 10.33.4 in the 10.x series and earlier than 11.0.7 in the 11.x series. Projects using.github.com are affected.

Risk and Exploitability

The CVSS score of 4.8 classifies the vulnerability as medium severity, and the EPSS score of <1% indicates a very low but nonzero likelihood of exploitation. It is not listed in CISA’s KEV catalog. Exploitation requires control of the codeload.github.com service or manipulation of the user’s network environment to serve a malicious tarball. Although the overall risk is moderate, the potential for arbitrary code execution necessitates timely mitigation.

Generated by OpenCVE AI on July 14, 2026 at 21:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade pnpm to version 10.33.4 or later, or 11.0.7 or later, to enable hash verification for GitHub tarballs.
  • Regenerate the lockfile and reinstall dependencies after the upgrade to ensure all integrity hashes are present and to remediate any missing hashes in existing lockfiles.
  • Verify and secure the network path to codeload.github.com, for example by enforcing HTTPS certificate pinning, using a trusted proxy, or applying DNS filtering, to prevent tampering with tarball downloads.

Generated by OpenCVE AI on July 14, 2026 at 21:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-hg3w-7f8c-63hp pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile
History

Tue, 07 Jul 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-494
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

threat_severity

Important


Fri, 26 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Pnpm
Pnpm pnpm
Vendors & Products Pnpm
Pnpm pnpm

Thu, 25 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Description pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if this server was compromised or a person's machine configuration was compromised, pnpm would download and install these dependencies. This vulnerability is fixed in 10.33.4 and 11.0.7.
Title pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile
Weaknesses CWE-353
References
Metrics cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-26T02:11:55.249Z

Reserved: 2026-05-26T23:26:07.976Z

Link: CVE-2026-48995

cve-icon Vulnrichment

Updated: 2026-06-26T02:11:48.145Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-25T16:58:57Z

Links: CVE-2026-48995 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-14T21:30:16Z

Weaknesses
  • CWE-353

    Missing Support for Integrity Check

  • CWE-494

    Download of Code Without Integrity Check