The relevant code is the part where you buld a regular expression using a user input, without sanitizing it. You should not do that.
I believe you don't need to use RE at all. you can find matching string using
if item in path or
path.endswith(item) or something like that.
The best option is to use your library:
from os.path import basename
orderedpaths = [ ... if basename(path) == item]
If you insist on using REs, you should escape your input using
orderedpaths = [path for item in target for path in filenames
if re.search(re.escape(item), path)]