Company
Date Published
Author
Paul Gerste
Word count
2762
Language
English
Hacker News points
None

Summary

This article summarizes vulnerabilities in package managers, highlighting the risks of Command Injection, Argument Injection, and Untrusted Search Path vulnerabilities. Attackers can exploit these vulnerabilities to compromise developer machines, steal or modify sensitive data, and inject malicious code into products. The article gives examples of how each class of vulnerability arises and suggests ways to avoid them: passing commands as argument lists instead of command strings, ensuring that arguments are not double-wrapped, and running commands from safe directories on Windows. It also reports the discovery of these vulnerabilities in popular package managers, including Composer, Yarn, pnpm, Bower, Poetry, pip, and pipenv, and provides a timeline of when each issue was reported and fixed.