VYPR

npm package

glob

pkg:npm/glob

Vulnerabilities (1)

  • CVE-2025-64756Nov 17, 2025
    affected >= 11.0.0, < 11.1.0fixed 11.1.0

    Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names.