path-to-regexp (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package path-to-regexp, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2024-52798: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be…
CVE-2024-45296 — CVSS 7.5 (high): path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be…
CVE-2026-4867 — CVSS 7.5 (high): Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something…
CVE-2026-4926 — CVSS 7.5 (high): Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as…
CVE-2026-4923 — CVSS 5.9 (medium): Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to…