VYPR

npm package

brace-expansion

pkg:npm/brace-expansion

Vulnerabilities (3)

  • CVE-2026-33750MedMar 27, 2026
    affected >= 4.0.0, < 5.0.5fixed 5.0.5

    The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process

  • CVE-2025-5889LowJun 9, 2025
    affected >= 2.0.0, < 2.0.2fixed 2.0.2

    A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be l

  • CVE-2017-18077HigJan 27, 2018
    affected < 1.1.7fixed 1.1.7

    index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.