Pillarjs Path-to-regexp
5 CVEs affecting Pillarjs Path-to-regexp. Latest disclosed: 2026-03-26. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-4926 | High | 7.5 | 2026-03-26 | Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated… |
CVE-2026-4867 | High | 7.5 | 2026-03-26 | Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period… |
CVE-2024-45296 | High | 7.5 | 2024-09-09 | path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause… |
CVE-2026-4923 | Medium | 5.9 | 2026-03-26 | Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtrack… |
CVE-2024-52798 | | 2024-12-05 | path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause… |