Skip to main content
Loading…
    CVE-2026-24910 — In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file, link, git, or github). — CVE Database · The Intelligence Room