Renovate vulnerable to arbitrary command injection via npm manager and malicious Renovate configuration
Moderate severity
GitHub Reviewed
Published
Jan 13, 2026
in
renovatebot/renovate
•
Updated Jan 13, 2026
Give feedback on Dependabot alerts