An open index of dependabot pull requests across open source projects.

minimatch

Ecosystem:
npm
Package URL:
pkg:npm/minimatch
Total PRs:
30,833 Dependabot PRs
Latest PR:
4 days ago
Unique Repositories:
16,568 repositories
Unique Repos (30 days):
50 repositories
Security Advisories
minimatch ReDoS vulnerability
GHSA-f8q6-p94x-37v3 CVE-2022-3517 HIGH published over 3 years ago • updated 23 days ago
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand fu...
Regular Expression Denial of Service in minimatch
GHSA-hxm2-r34f-qmc5 CVE-2016-10540 HIGH published almost 8 years ago • updated 23 days ago
Affected versions of `minimatch` are vulnerable to regular expression denial of service attacks when user input is passed into the `pattern` argume...
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions
GHSA-23c5-xmqv-rm74 CVE-2026-27904 HIGH published 5 months ago • updated 3 days ago
### Summary Nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtrackin...
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
GHSA-7r86-cg39-jmmj CVE-2026-27903 HIGH published 5 months ago • updated 16 days ago
### Summary `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and...
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
GHSA-3ppc-4f35-3m26 CVE-2026-26996 HIGH published 5 months ago • updated 1 day ago
### Summary `minimatch` is vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive `*` wildcards f...
Recent PRs
Package Details
Name: minimatch
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/minimatch
JSON API: View JSON
Security Advisories

5

Active advisories
HIGH 5
View All npm Advisories
Package Information
Description:

a glob matcher in javascript

Repository: https://github.com/isaacs/minimatch
Homepage: https://github.com/isaacs/minimatch#readme
Latest Release: 10.0.1
about 2 years ago
Dependent Repos: 2,198,462
Dependent Packages: 9,743
Downloads: 1,223,937,395
Ranking: Top 0.0126% by dependent repos Top 0.0004% by downloads Top 0.0099% by dependent pkgs
PR Status
Open 12,676 (41.1%)
Merged 240 (0.8%)
Closed 17,799 (57.7%)
PR Types
Major 809 (2.6%)
Minor 8,985 (29.1%)
Patch 20,826 (67.5%)
Removal 64 (0.2%)