OsVault/npm/minimatch
npm

minimatch

4 known vulnerabilities · 0 critical · 1 high

CVE-2026-27903

minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

Published Feb 26, 2026
CVE-2016-10540HIGH

Regular Expression Denial of Service in minimatch

Published Oct 9, 2018
CVE-2026-27904

minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

Published Feb 26, 2026
CVE-2026-26996

minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

Published Feb 18, 2026
Check your entire dependency tree at onceRun dependency scan →