Jonschlinkert Picomatch — known CVE vulnerabilities
Every CVE whose affected-product data names Jonschlinkert Picomatch, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-33671 — CVSS 7.5 (high): Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of…
CVE-2026-33672 — CVSS 5.3 (medium): Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection…