Vulnerable versions of the micromatch package are embedded in: - openSUSE:Factory/python-pydata-sphinx-theme micromatch (4.0.5) Upstream issue: https://github.com/micromatch/micromatch/issues/243