VYPR

npm package

@isaacs/brace-expansion

pkg:npm/%40isaacs/brace-expansion

Vulnerabilities (1)

  • CVE-2026-25547CriFeb 4, 2026
    affected < 5.0.1fixed 5.0.1

    @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated nume