minimatch — CVE history (npm)

minimatch

5 CVEs affect the minimatch npm package (highest CVSS 7.5). Latest disclosed: 2026-02-26. Full CVE history sourced from NVD.

Summary

Package
minimatch (npm)
Total CVEs
5
Actively exploited (CISA KEV)
0
Highest CVSS
7.5
Latest disclosed
2026-02-26

Recent CVEs (top 5)

CVESeverityCVSSKEVPublishedSummary
CVE-2026-27904High7.52026-02-26minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects.
CVE-2026-27903High7.52026-02-26minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects.
CVE-2026-26996High7.52026-02-20minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects.
CVE-2022-3517High7.52022-10-17A vulnerability was found in the minimatch package.
CVE-2016-10540High7.52018-05-31Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects.

All-time worst (top 5 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2026-27904High7.52026-02-26minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects.
CVE-2026-27903High7.52026-02-26minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects.
CVE-2026-26996High7.52026-02-20minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects.
CVE-2022-3517High7.52022-10-17A vulnerability was found in the minimatch package.
CVE-2016-10540High7.52018-05-31Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects.