npm vulnerability intelligence

glob-parent NPM Package
Vulnerability Check

Extract the non-magic parent path from a glob string.

High severity ISC v6.0.2
Vulnerability Analysis OSV Live

glob-parent

v6.0.2 · ISC · 285,837,913 dl/wk

Advisory Breakdown

Critical 0
High 2
Moderate 0
Low 0

Severity Rating

High severity

2 advisories

High severity

Weekly downloads

285,837,913

Total advisories

2

Latest version

6.0.2

License

ISC

Advisories Package Info Runtime

Known advisories

OSV records for the npm ecosystem

2
GHSA-cj88-88mr-972w BIT-gulp-2021-35065CVE-2021-35065 high

glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service

Affected: >=6.0.0 <6.0.1 Fixed in: 6.0.1 Updated Apr 14, 2025
View source
GHSA-ww39-953v-wcq6 BIT-gulp-2020-28469CVE-2020-28469 high

glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex

Affected: >=4.0.0 <5.1.2 Fixed in: 5.1.2 Updated Jan 14, 2025
View source

Checked May 22, 2026, 7:05 PM from npm and OSV.dev

Package metadata

From the npm registry

Package name
glob-parent
Ecosystem
npm
Latest version
6.0.2
License
ISC
Weekly downloads
285,837,913
Repository
Open repository

Remediation boundary

What RequestGuard does — and doesn't — cover

RequestGuard does not fix npm package vulnerabilities. Dependency remediation happens through package updates, patches, lockfile changes, and maintainer guidance. RequestGuard can help mitigate runtime abuse around exposed web and API flows while remediation is handled separately.

Signup flows
Login attempts
API traffic

Protect runtime flows →

Allow, challenge, review, and block decisions for exposed endpoints.

Data from npm registry and OSV.dev · Checked 5/22/2026, 7:05:42 PM