Earendil-works Pi
3 CVEs affecting Earendil-works Pi. Latest disclosed: 2026-06-23. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-54328 | High | 7.3 | 2026-06-23 | Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths unde… |
CVE-2026-54325 | Medium | 4.4 | 2026-06-23 | Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first aski… |
CVE-2026-54327 | Low | 2.2 | 2026-06-23 | Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the file write pa… |