Lucene search
+L

374 matches found

OSV
OSV
added 2026/02/20 3:5 a.m.5 views

CVE-2026-26996 minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...

8.7CVSS5.3AI score0.00519EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

minimatch 安全漏洞

Minimatch is a global matcher in JavaScript developed by Isaacs. Versions of Minimatch 10.2.0 and earlier contained security vulnerabilities; these vulnerabilities stemmed from a regular expression denial-of-service vulnerability when processing glob patterns that contained multiple consecutive...

8.7CVSS6.9AI score0.00519EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-26996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular...

8.7CVSS6.6AI score0.00519EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/02/18 10:38 p.m.11 views

10up-toolkit (>=6.0.0 <=6.5.0-next.1), @0ti.me/ts-test-deps (=0.2.0) +6494 more potentially affected by CVE-2026-26996 via minimatch (>=9.0.0 <=9.0.5)

minimatch NPM version =9.0.0, =6.0.0, =1.1.0-pre.1, =1.4.0, =9.1.0, =1.17.3-testing-284.48.0, =1.0.0, =1.1.6, =0.0.0-alpha.1aa37fb04f1f, =1.1.3, =1.0.6, =1.0.25 and more Source cves: CVE-2026-26996 Source advisory: OSV:GHSA-3PPC-4F35-3M26...

8.7CVSS6.6AI score0.00519EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/18 10:38 p.m.4 views

10up-toolkit (>=6.0.0 <=6.5.0-next.1), @0ti.me/ts-test-deps (=0.2.0) +6494 more potentially affected by CVE-2026-26996 via minimatch (>=9.0.0 <=9.0.5)

minimatch NPM version =9.0.0, =6.0.0, =1.1.0-pre.1, =1.4.0, =9.1.0, =1.17.3-testing-284.48.0, =1.0.0, =1.1.6, =0.0.0-alpha.1aa37fb04f1f, =1.1.3, =1.0.6, =1.0.25 and more Source cves: CVE-2026-26996 Source advisory: SNYK:JS-MINIMATCH-15309438...

8.7CVSS6.6AI score0.00519EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/18 10:38 p.m.5 views

@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-26996 via minimatch (>=8.0.2 <=8.0.4)

minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-26996 Source advisory: SNYK:JS-MINIMATCH-15309438...

8.7CVSS6.8AI score0.00519EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/18 10:38 p.m.11 views

@aadarshjr/reweb-js (>=1.0.7 <=1.0.17), @acentswap/ace-core-trial (>=10.4.0 <=10.7.0) +869 more potentially affected by CVE-2026-26996 via minimatch (>=5.0.0 <=5.1.6)

minimatch NPM version =5.0.0, =1.0.7, =10.4.0, =9.0.0, =10.0.0, =10.0.0, =10.5.0, =10.4.0, =0.4.13, =2.3.0, =2.3.0, =2.2.1, =2.2.1, =2.2.2 - @aid-on/aidify =0.1.2 and more Source cves: CVE-2026-26996 Source advisory: OSV:GHSA-3PPC-4F35-3M26...

8.7CVSS6.6AI score0.00519EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/18 10:38 p.m.6 views

@aadarshjr/reweb-js (>=1.0.7 <=1.0.17), @acentswap/ace-core-trial (>=10.4.0 <=10.7.0) +869 more potentially affected by CVE-2026-26996 via minimatch (>=5.0.0 <=5.1.6)

minimatch NPM version =5.0.0, =1.0.7, =10.4.0, =9.0.0, =10.0.0, =10.0.0, =10.5.0, =10.4.0, =0.4.13, =2.3.0, =2.3.0, =2.2.1, =2.2.1, =2.2.2 - @aid-on/aidify =0.1.2 and more Source cves: CVE-2026-26996 Source advisory: SNYK:JS-MINIMATCH-15309438...

8.7CVSS6.6AI score0.00519EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/18 10:38 p.m.4 views

02strich-markdown (>=1.0.0 <=1.0.2), @0xintuition/slang-cli (>=0.0.1 <=0.0.8) +1940 more potentially affected by CVE-2026-26996 via minimatch (>=4.1.1 <=4.2.3)

minimatch NPM version =4.1.1, =1.0.0, =0.0.1, =0.5.2, =5.0.2, =2.2.0, =1.1.4, =1.3.1, =1.0.0, =0.0.2-alpha-20220914223128-d706aab, =0.0.2-alpha-20220915073207-1bb0680, =0.0.2-alpha-20220914223128-d706aab, =1.1.8, =1.0.0, =1.5.0 and more Source cves: CVE-2026-26996 Source advisory:...

8.7CVSS6.6AI score0.00519EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/18 10:38 p.m.7 views

@0x590fab/sdcor2 (>=4.2.1 <=4.4.0), @cenk1cenk2/renovate-config (>=2.2.33 <=2.3.94) +22 more potentially affected by CVE-2026-26996 via minimatch (>=6.0.0 <=6.2.0)

minimatch NPM version =6.0.0, =4.2.1, =2.2.33, =0.2.6-alpha-20230114225627-66f5d9eac, =0.1.7-alpha-20230114225627-66f5d9eac, =0.15.7-alpha-20230114225627-66f5d9eac, =0.1.0, =3.108.8--canary.1.4727068200.0, =0.0.0, =1.12.0, =1.0.0, =0.36.6, =0.36.6, =0.39.3-0 - editorconfig =1.0.2 and more Source...

8.7CVSS6.8AI score0.00519EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/18 10:38 p.m.14 views

02strich-markdown (>=1.0.0 <=1.0.2), @0xintuition/slang-cli (>=0.0.1 <=0.0.8) +1940 more potentially affected by CVE-2026-26996 via minimatch (>=4.1.1 <=4.2.3)

minimatch NPM version =4.1.1, =1.0.0, =0.0.1, =0.5.2, =5.0.2, =2.2.0, =1.1.4, =1.3.1, =1.0.0, =0.0.2-alpha-20220914223128-d706aab, =0.0.2-alpha-20220915073207-1bb0680, =0.0.2-alpha-20220914223128-d706aab, =1.1.8, =1.0.0, =1.5.0 and more Source cves: CVE-2026-26996 Source advisory:...

8.7CVSS6.6AI score0.00519EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/18 10:38 p.m.19 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 02.aula (=1.0.0) +55728 more potentially affected by CVE-2026-26996 via minimatch (>=3.0.0 <=3.1.2)

minimatch NPM version =3.0.0, =1.0.1, =1.1.0 - 02.aula =1.0.0 - 0726react =0.1.1 - 08cms =1.0.0 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...

8.7CVSS6.6AI score0.00519EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/18 10:38 p.m.5 views

@adobe-apimesh/mesh-builder (=1.4.0-beta.5), @akylas/nativescript-cli (>=8.7.2 <=8.8.2) +316 more potentially affected by CVE-2026-26996 via minimatch (>=7.0.0 <=7.4.6)

minimatch NPM version =7.0.0, =8.7.2, =5.5.0-682, =0.0.6, =3.6.0, =2.6.0, =2.5.0, =3.6.0, =4.6.0, =1.11.0, =4.0.0, =2.0.7, =2.0.4, =1.2.1, =1.3.1 - @digit-ui/digit-ui-module-common =1.3.0 and more Source cves: CVE-2026-26996 Source advisory: OSV:GHSA-3PPC-4F35-3M26...

8.7CVSS6.6AI score0.00519EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/18 10:38 p.m.7 views

@adobe-apimesh/mesh-builder (=1.4.0-beta.5), @akylas/nativescript-cli (>=8.7.2 <=8.8.2) +316 more potentially affected by CVE-2026-26996 via minimatch (>=7.0.0 <=7.4.6)

minimatch NPM version =7.0.0, =8.7.2, =5.5.0-682, =0.0.6, =3.6.0, =2.6.0, =2.5.0, =3.6.0, =4.6.0, =1.11.0, =4.0.0, =2.0.7, =2.0.4, =1.2.1, =1.3.1 - @digit-ui/digit-ui-module-common =1.3.0 and more Source cves: CVE-2026-26996 Source advisory: SNYK:JS-MINIMATCH-15309438...

8.7CVSS6.6AI score0.00519EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/18 10:38 p.m.6 views

@0x590fab/sdcor2 (>=4.2.1 <=4.4.0), @cenk1cenk2/renovate-config (>=2.2.33 <=2.3.94) +22 more potentially affected by CVE-2026-26996 via minimatch (>=6.0.0 <=6.2.0)

minimatch NPM version =6.0.0, =4.2.1, =2.2.33, =0.2.6-alpha-20230114225627-66f5d9eac, =0.1.7-alpha-20230114225627-66f5d9eac, =0.15.7-alpha-20230114225627-66f5d9eac, =0.1.0, =3.108.8--canary.1.4727068200.0, =0.0.0, =1.12.0, =1.0.0, =0.36.6, =0.36.6, =0.39.3-0 - editorconfig =1.0.2 and more Source...

8.7CVSS6.8AI score0.00519EPSS
Exploits1
Snyk
Snyk
added 2026/02/18 10:38 p.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the AST class, caused by catastrophic backtracking when an input string contains many characters in a row, followed by an unmatched...

8.7CVSS5.8AI score0.00519EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/18 10:38 p.m.12 views

Regular Expression Denial of Service (ReDoS)

Overview minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the AST class, caused by catastrophic backtracking when an input string contains many characters in a row, followed by an unmatched character. Detail...

8.7CVSS5.5AI score0.00519EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/02/18 10:38 p.m.7 views

@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-26996 via minimatch (>=8.0.2 <=8.0.4)

minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-26996 Source advisory: OSV:GHSA-3PPC-4F35-3M26...

8.7CVSS6.8AI score0.00519EPSS
Exploits1
OSV
OSV
added 2026/02/18 10:38 p.m.4 views

GHSA-3PPC-4F35-3M26 minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

Summary minimatch is vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string. Each compiles to a separate ^/? regex group, and when the match fails, V8's regex engine...

8.7CVSS5.9AI score0.00519EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/18 10:38 p.m.174 views

minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

Summary minimatch is vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string. Each compiles to a separate ^/? regex group, and when the match fails, V8's regex engine...

8.7CVSS5.3AI score0.00519EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder