{"ecosystem":"npm","package":"glob-parent","version":null,"bugs":[{"id":302,"ecosystem":"npm","package_name":"glob-parent","affected_version":"4.0.0","fixed_version":"5.1.2","bug_id":"osv:GHSA-ww39-953v-wcq6","title":"glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex","description":"This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.","severity":"high","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28469","labels":["BIT-gulp-2020-28469","CVE-2020-28469"],"created_at":"2026-04-19 04:31:01.150006+00:00","updated_at":"2026-04-19 04:31:01.150006+00:00"},{"id":301,"ecosystem":"npm","package_name":"glob-parent","affected_version":"6.0.0","fixed_version":"6.0.1","bug_id":"osv:GHSA-cj88-88mr-972w","title":"glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service","description":"glob-parent 6.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS). This issue is fixed in version 6.0.1.\n\nThis vulnerability is separate from [GHSA-ww39-953v-wcq6](https://github.com/advisories/GHSA-ww39-953v-wcq6).","severity":"high","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35065","labels":["BIT-gulp-2021-35065","CVE-2021-35065"],"created_at":"2026-04-19 04:31:01.148912+00:00","updated_at":"2026-04-19 04:31:01.148912+00:00"}],"total":2,"_cache":"hit"}