Micromatch Picomatch
2 CVEs affecting Micromatch Picomatch. Latest disclosed: 2026-03-26. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-33671 | High | 7.5 | 2026-03-26 | Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when p… |
CVE-2026-33672 | Medium | 5.3 | 2026-03-26 | Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POS… |