glob-parent

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting glob-parentpage 1 of 1

CVE-2020-28469MEDIUMCVSS 5.3EG 5.3✓ Fixed in 5.1.2
2021-06-03
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
CVE-2021-35065HIGHCVSS 7.5EG 7.5✓ Fixed in 6.0.1
2022-12-26
vulnerable: 6.0.0
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.

Check whether glob-parent is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for glob-parent CVEs against the assets you own.

Start Free Scan →