67 matches found
@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +977 more potentially affected by CVE-2026-33672 via picomatch (>=4.0.1 <=4.0.3)
picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.47, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =0.0.1-development, =0.0.1, =2.0.0, =1.0.57, =1.0.100 and more Source cves: CVE-2026-33672 Source advisory: SNYK:JS-PICOMATCH-15765513...
4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +71 more potentially affected by CVE-2026-33672 via picomatch (=3.0.1)
picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...
4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +570 more potentially affected by CVE-2026-33672 via picomatch (>=2.1.1 <=2.3.1)
picomatch NPM version =2.1.1, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33672 Source advisory: SNYK:JS-PICOMATCH-15765513...
@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +977 more potentially affected by CVE-2026-33672 via picomatch (>=4.0.1 <=4.0.3)
picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.47, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =0.0.1-development, =0.0.1, =2.0.0, =1.0.57, =1.0.100 and more Source cves: CVE-2026-33672 Source advisory: OSV:GHSA-3V7F-55P6-F55P...
4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +71 more potentially affected by CVE-2026-33672 via picomatch (=3.0.1)
picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...
4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +572 more potentially affected by CVE-2026-33672 via picomatch (>=1.2.0 <=2.3.1)
picomatch NPM version =1.2.0, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33672 Source advisory: OSV:GHSA-3V7F-55P6-F55P...
org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (=19.2.8) +2 more potentially affected by CVE-2026-33672 via org.webjars.npm:picomatch (=4.0.2)
org.webjars.npm:picomatch MAVEN version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:picomatch and may be impacted: - org.webjars.npm:angular-devkitarchitect =0.1902.8 - org.webjars.npm:angular-devkitcore =19.2.8 -...
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Impact picomatch is vulnerable to a method injection vulnerability CWE-1321 affecting the POSIXREGEXSOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: can reference inherited method names. These methods are implicitly...
@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +977 more potentially affected by CVE-2026-33671 via picomatch (>=4.0.1 <=4.0.3)
picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.47, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =0.0.1-development, =0.0.1, =2.0.0, =1.0.57, =1.0.100 and more Source cves: CVE-2026-33671 Source advisory: OSV:GHSA-C2C7-RCM5-VVQJ...
4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +71 more potentially affected by CVE-2026-33671 via picomatch (=3.0.1)
picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...
@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +977 more potentially affected by CVE-2026-33671 via picomatch (>=4.0.1 <=4.0.3)
picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.47, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =0.0.1-development, =0.0.1, =2.0.0, =1.0.57, =1.0.100 and more Source cves: CVE-2026-33671 Source advisory: SNYK:JS-PICOMATCH-15765511...
4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +71 more potentially affected by CVE-2026-33671 via picomatch (=3.0.1)
picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...
4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +570 more potentially affected by CVE-2026-33671 via picomatch (>=2.1.1 <=2.3.1)
picomatch NPM version =2.1.1, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33671 Source advisory: SNYK:JS-PICOMATCH-15765511...
org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (=19.2.8) +2 more potentially affected by CVE-2026-33671 via org.webjars.npm:picomatch (=4.0.2)
org.webjars.npm:picomatch MAVEN version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:picomatch and may be impacted: - org.webjars.npm:angular-devkitarchitect =0.1902.8 - org.webjars.npm:angular-devkitcore =19.2.8 -...
4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +572 more potentially affected by CVE-2026-33671 via picomatch (>=1.2.0 <=2.3.1)
picomatch NPM version =1.2.0, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33671 Source advisory: OSV:GHSA-C2C7-RCM5-VVQJ...
GHSA-C2C7-RCM5-VVQJ Picomatch has a ReDoS vulnerability via extglob quantifiers
Impact picomatch is vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that c...
Picomatch has a ReDoS vulnerability via extglob quantifiers
Impact picomatch is vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that c...
PT-2026-28172
Name of the Vulnerable Software and Affected Versions Picomatch versions prior to 4.0.4 Picomatch versions prior to 3.0.2 Picomatch versions prior to 2.3.2 Description Picomatch, a glob matcher written in JavaScript, is susceptible to Regular Expression Denial of Service ReDoS when processing...
PT-2026-28173
Name of the Vulnerable Software and Affected Versions Picomatch versions prior to 4.0.4 Picomatch versions prior to 3.0.2 Picomatch versions prior to 2.3.2 Description Picomatch, a JavaScript glob matcher, contains a flaw where specially crafted POSIX bracket expressions, such as :constructor:, c...
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Summary Vite dev server option server.fs.deny did not deny requests for patterns with directories. An example of such a pattern is /foo//. Impact Only apps setting a custom server.fs.deny that includes a pattern with directories, and explicitly exposing the Vite dev server to the network using...