Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

163 New today
65,709 Total advisories

Daily Security Trends (Last 14 Days)

Jun 13: 60, Jun 14: 68, Jun 15: 443, Jun 16: 630, Jun 17: 464, Jun 18: 3, Jun 19: 352, Jun 20: 56, Jun 21: 104, Jun 22: 317, Jun 23: 294, Jun 24: 355, Jun 25: 376, Jun 26: 46

Chart legend: Critical, High, Medium, Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.8 CVE-2026-50573

pnpm: Unsafe default behavior breaks integrity check_CVE-2026-50573

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-frozen mode can accept new remote package content after detecting tha...

pnpm pnpm < 10.33.4 CVE
MEDIUM 6.8 CVE-2026-50021

pnpm: Integrity Check Bypass via Missing Lockfile Integrity Field_CVE-2026-50021

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is a...

pnpm pnpm < 10.34.0 CVE
MEDIUM 6.9 CVE-2026-50017

pnpm binds unscoped user-level npm auth credentials to a repository-selected registry_CVE-2026-50017

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a ...

pnpm pnpm < 10.33.4 CVE
HIGH 8.8 CVE-2026-50016

pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement_CVE-2026-50016

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path tr...

pnpm pnpm < 10.33.4 CVE
HIGH 7.3 CVE-2026-50015

pnpm: Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)_CVE-2026-50015

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline (@pnpm/patch-package) performs no path validation on file...

pnpm pnpm < 10.33.4 CVE
MEDIUM 6.4 CVE-2026-50014

pnpm: Git Fetch Argument Injection via Lockfile resolution.commit_CVE-2026-50014

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- s...

pnpm pnpm < 10.33.4 CVE
HIGH 7.1 CVE-2026-49839

jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow_CVE-2026-49839

jq is a command-line JSON processor. Prior to 1.8.2, `jq --rawfile` can turn a handled oversized-string error into invalid-state reuse and a real h...

jqlang jq < 1.8.2 CVE
MEDIUM 4.8 CVE-2026-48995

pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile_CVE-2026-48995

pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will in...

pnpm pnpm < 10.33.4 CVE
MEDIUM 6.8 CVE-2026-47770

jq: stack overflow in deep structural equality_CVE-2026-47770

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on j...

jqlang jq < 1.8.2 CVE