Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/path-to-regexp@0.1.12
purl pkg:npm/path-to-regexp@0.1.12
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-2xgj-yjdf-nqeh path-to-regexp contains a ReDoS ### Impact The regular expression that is vulnerable to backtracking can be generated in versions before 0.1.12 of `path-to-regexp`, originally reported in CVE-2024-45296 ### Patches Upgrade to 0.1.12. ### Workarounds Avoid using two parameters within a single path segment, when the separator is not `.` (e.g. no `/:a-:b`). Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking. ### References - https://github.com/advisories/GHSA-9wv6-86v2-598j - https://blakeembrey.com/posts/2024-09-web-redos/ CVE-2024-52798
GHSA-rhx6-c78j-4q9w

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-07T04:56:34.767836+00:00 GHSA Importer Fixing VCID-2xgj-yjdf-nqeh https://github.com/advisories/GHSA-rhx6-c78j-4q9w 38.1.0
2026-04-02T12:40:30.976624+00:00 GitLab Importer Fixing VCID-2xgj-yjdf-nqeh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/path-to-regexp/CVE-2024-52798.yml 38.0.0
2026-04-01T12:50:09.516227+00:00 GithubOSV Importer Fixing VCID-2xgj-yjdf-nqeh https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-rhx6-c78j-4q9w/GHSA-rhx6-c78j-4q9w.json 38.0.0