pkg:npm/@earendil-works/pi-coding-agent

All known vulnerabilities

• HIGH7.3CVE-2026-54328Pi Agent: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts
  >= 0.74.0, < 0.78.1
• MEDIUM4.4CVE-2026-54325Pi Agent: Pi loads project-local extensions without approval
  from 0, < 0.79.0
• LOW2.5CVE-2026-54326Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass
  >= 0.74.0, < 0.78.1
• LOW2.2Pi Agent: Race condition in Pi auth.json writes could expose stored credentials
  >= 0.74.0, < 0.78.1