PackageGate Vulnerabilities Affect Major JavaScript Package Managers

PackageGate Vulnerabilities Affect Major JavaScript Package Managers

First seen 28 Jan 2026, 20:19 UTC Securityaffairs.CoSecurityaffairs 100% similarity 31.5

Article Content

Browse articles
ThreatCluster

Koi researchers identified a set of vulnerabilities known as 'PackageGate' in NPM, PNPM, VLT, and Bun. These flaws allow attackers to bypass supply chain protections and execute malicious code, posing risks to users of these package managers. Microsoft has also issued emergency updates for a separate Office zero-day vulnerability, CVE-2026-21509.

ThreatCluster AI

Community

Browse all →