@nestjs/core -> path-to-regexp : CVE-2026-4923, CVE-2026-4926

Hello,

`npm audit` warn about `3 high severity vulnerabilities` coming from `path-to-regexp` through `@nestjs/core`.

CVE : 
- [CVE-2026-4923](https://github.com/advisories/GHSA-27v5-c462-wpq7)
- [CVE-2026-4926](https://github.com/advisories/GHSA-j3q9-mxjg-w52f)

Fix version (8.4.0) is available from [path-to-regexp](https://www.npmjs.com/package/path-to-regexp).

Waiting for new [@nestjs/core](https://github.com/nestjs/nest/releases) version (>11.17.1) which used `path-to-regexp@8.4.0`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

@nestjs/core -> path-to-regexp : CVE-2026-4923, CVE-2026-4926 #1182

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

@nestjs/core -> path-to-regexp : CVE-2026-4923, CVE-2026-4926 #1182

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions