VYPR
Vendor

Jonschlinkert

Products
8
CVEs
4
Across products
4
Status
Private

Products

8

Recent CVEs

4
  • CVE-2024-57069HigFeb 5, 2025
    risk 0.49cvss 7.5epss 0.00

    A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

  • CVE-2025-3197HigApr 4, 2025
    risk 0.47cvss 7.3epss 0.00

    Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties…

  • CVE-2026-33671HigMar 26, 2026
    risk 0.42cvss 7.5epss 0.00

    Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when…

  • CVE-2026-33672MedMar 26, 2026
    risk 0.27cvss 5.3epss 0.00

    Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket…