npm/path-to-regexp — 5 CVEs

HIGH7.5CVE-2026-4926path-to-regexp vulnerable to Denial of Service via sequential optional groups

>= 8.0.0, < 8.4.0

HIGH7.5CVE-2026-4867path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters

from 0, < 0.1.13

HIGH7.5CVE-2024-52798path-to-regexp contains a ReDoS

from 0, < 0.1.12

HIGH7.5path-to-regexp outputs backtracking regular expressions

>= 0.2.0, < 1.9.0

MEDIUM5.9path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards

>= 8.0.0, < 8.4.0

pkg:npm/path-to-regexp