Package details: pkg:npm/minimatch@3.0.1
purl pkg:npm/minimatch@3.0.1
Tags Ghost
Next non-vulnerable version 3.1.4
Latest non-vulnerable version 10.2.3
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-54ed-xy97-e7cq
Aliases:
GMS-2016-36
Regular Expression Denial of Service: The primary function, `minimatch(path, pattern)`, is vulnerable to ReDoS in the `pattern` parameter. This is because of the regular expression on line of minimatch.js: `/((?:\\{2})*)(\\?)\|/g,`. The problematic portion of the regex is `((?:\\{2})*)`, which matches against `//`.
3.0.2
Affected by 4 other vulnerabilities.
VCID-u4v3-87qk-tqb1
Aliases:
CVE-2016-10540
GHSA-hxm2-r34f-qmc5
Improper Input Validation: The primary function, `minimatch(path, pattern)`, in Minimatch is vulnerable to ReDoS in the `pattern` parameter.
3.0.2
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:47:42.049415+00:00 GitLab Importer Affected by VCID-u4v3-87qk-tqb1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimatch/CVE-2016-10540.yml 38.0.0
2026-04-01T12:47:04.401857+00:00 GitLab Importer Affected by VCID-54ed-xy97-e7cq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimatch/GMS-2016-36.yml 38.0.0