| CVE-2026-45149 |
high |
7.5 |
7.5 |
|
|
|
16d ago |
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large num… |
| CVE-2025-5889 |
low |
3.1 |
3.1 |
|
|
|
1y ago |
A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The man… |
| CVE-2026-33750 |
unknown |
— |
— |
|
|
|
2mo ago |
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2.… |
| CVE-2017-18077 |
unknown |
— |
— |
|
|
|
9y ago |
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters. |
