glob
66 known vulnerabilities · 0 critical · 1 high
glob CLI: Command injection via -c/--cmd executes matches with shell:true
Malicious code in @tech-global/internal-gateway-core (npm)
Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash
Malicious code in @globalsearch/productstub (npm)
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Malicious code in elf-stats-mulled-snowglobe-636 (npm)
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope
Malicious code in yandex-global-state-controller (npm)
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
Malicious code in consumer-platform-global-package (npm)
Malicious code in @global-dax-ad-platform/dax-components (npm)
Malicious code in @global-dax-ad-platform/dax-modules (npm)
Malicious code in @global-dax-ad-platform/dax-styles (npm)
Malicious code in okxglobal (npm)
Malicious code in pl-global-ec-uikit (npm)
Malicious code in @the-coca-cola-company/ngps-global-common-utils (npm)
Malicious code in poc-globalleakage (npm)
Malicious code in target-global-mbox (npm)
Malicious code in uq-global-ec-uikit (npm)
Malicious code in elf-stats-sparkly-snowglobe-243 (npm)
Malicious code in dup-glob (npm)
Malicious code in @globes/fetlife-assets (npm)
Malicious code in bsd-global-nav-design-ui (npm)
Malicious code in @partner-global-ui/components (npm)
Malicious code in @globalsearch/abstraction (npm)
Malicious code in @shared-ui/global-navigation-header (npm)
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions
Malicious code in atlas-global-npm (npm)
Malicious code in @global-dax-ad-platform/dax-hooks (npm)
Malicious code in ethglobal-finale (npm)
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Malicious code in vitest-globals (npm)
Malicious code in trin-glob (npm)
Malicious code in elf-stats-jolly-snowglobe-266 (npm)
Malicious code in @sellerly-kit/global-error (npm)
Malicious code in npm-global-util (npm)
Malicious code in karma-jasmine-i-global (npm)
Malicious code in ae-global (npm)
Malicious code in @global-dax-ad-platform/dax-types (npm)
Malicious code in brum-global-variable (npm)
Malicious code in shared-global-ec-uikit (npm)
Malicious code in videoplayershakaglobalconfig (npm)
Malicious code in globalize-bundle (npm)
Malicious code in @superbet-group/web.lib.global-styles (npm)
Malicious code in red-bull-global-onboarding (npm)
Malicious code in elf-stats-evergreen-snowglobe-961 (npm)
Malicious code in elf-stats-candystriped-snowglobe-426 (npm)
Malicious code in hyperion-global (npm)
Malicious code in global-order-tracker (npm)
Malicious code in globo-ab-client (npm)
Malicious code in novacredit-global2 (npm)
Malicious code in node-global-win (npm)
Malicious code in @global-dax-ad-platform/dax-utils (npm)
Malicious code in elf-stats-festive-snowglobe-440 (npm)
Malicious code in novacredit-global (npm)
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage
Malicious code in ghpglobaldata (npm)
Malicious code in hpglobaldata (npm)
Malicious code in @tide-web-apps/global-environments (npm)
Malicious code in elf-stats-storybook-snowglobe-157 (npm)
Malicious code in @global-engineering-shared/gweb-material-global (npm)
Malicious code in rt-global-nav (npm)
Malicious code in gu-global-ec-uikit (npm)