minimatch — CVE history (npm)
minimatch
5 CVEs affect the minimatch npm package (highest CVSS 7.5). Latest disclosed: 2026-02-26. Full CVE history sourced from NVD.
Summary
- Package
minimatch(npm)- Total CVEs
5- Actively exploited (CISA KEV)
- 0
- Highest CVSS
7.5- Latest disclosed
- 2026-02-26
Recent CVEs (top 5)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-27904 | High | 7.5 | — | 2026-02-26 | minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. |
CVE-2026-27903 | High | 7.5 | — | 2026-02-26 | minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. |
CVE-2026-26996 | High | 7.5 | — | 2026-02-20 | minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. |
CVE-2022-3517 | High | 7.5 | — | 2022-10-17 | A vulnerability was found in the minimatch package. |
CVE-2016-10540 | High | 7.5 | — | 2018-05-31 | Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. |
All-time worst (top 5 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-27904 | High | 7.5 | — | 2026-02-26 | minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. |
CVE-2026-27903 | High | 7.5 | — | 2026-02-26 | minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. |
CVE-2026-26996 | High | 7.5 | — | 2026-02-20 | minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. |
CVE-2022-3517 | High | 7.5 | — | 2022-10-17 | A vulnerability was found in the minimatch package. |
CVE-2016-10540 | High | 7.5 | — | 2018-05-31 | Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. |