Browse all 4 CVE security advisories affecting micromatch. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Micromatch is a pattern matching library primarily used for string comparison and data validation in software applications. Historically, it has been associated with vulnerabilities such as remote code execution and cross-site scripting due to improper input handling and insecure regular expression implementations. The library's lightweight nature makes it popular for embedded systems and web applications where performance is critical. Security researchers have identified multiple CVEs related to buffer overflows and privilege escalation flaws, particularly in versions prior to 4.0. While no major public incidents have been documented, the consistent discovery of similar vulnerabilities across multiple CVEs suggests ongoing challenges in secure input validation within the library's design.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33672 | Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching — picomatch, CWE-1321 | 5.3 | Medium | 2026-03-26 |
| CVE-2026-33671 | Picomatch has a ReDoS vulnerability via extglob quantifiers — picomatch, CWE-1333 | 7.5 | High | 2026-03-26 |
This page lists every published CVE security advisory associated with micromatch. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.