ROOT-APP-NPM-CVE-2026-27904 CVE-2026-27904 in @rootio/minimatch - Patched by Root

Root has patched CVE-2026-27904 in the @rootio/minimatch package for Root:npm. Multiple fixed versions available...

nodejs:24 security update

An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

@adobe-apimesh/mesh-builder (=1.4.0-beta.5), @akylas/nativescript-cli (>=8.7.2 <=8.8.2) +328 more potentially affected by CVE-2026-26996 via minimatch (>=7.0.0 <=7.4.6)

minimatch NPM version =7.0.0, =8.7.2, =5.5.0-682, =0.0.5, =0.0.6, =3.6.0, =2.6.0, =2.5.0, =3.6.0, =4.6.0, =1.11.0, =4.0.0, =2.0.7, =2.0.4, =1.2.1, =1.3.1 and more Source cves: CVE-2026-26996 Source advisory: SNYK:JS-MINIMATCH-15309438...

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the AST class, caused by catastrophic backtracking when an input string contains many characters in a row, followed by an unmatched...

UBUNTU-CVE-2016-10540

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatchpath, pattern in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...

[SECURITY] Fedora 18 Update: nodejs-glob-3.2.3-1.fc18

This is a glob implementation in pure JavaScript. It uses the minimatch lib rary to do its matching...