Minimatch

This hub aggregates every CVE we track for Minimatch, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 5 most recently published vulnerabilities affecting Minimatch.

• CVE-2026-27904minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions7.5Feb 26, 2026
• CVE-2026-27903minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments7.5Feb 26, 2026
• CVE-2026-26996minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern7.5Feb 20, 2026
• CVE-2022-3517A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Den...7.5Oct 17, 2022
• CVE-2016-10540Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier i...7.5May 31, 2018