VulnerableCode Package Details - pkg:npm/class-validator@0.14.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/class-validator@0.14.0

Essentials
History (2)

purl	pkg:npm/class-validator@0.14.0

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-cv8f-wc36-eyb3	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') In TypeStack class-validat, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product.	CVE-2019-18413 GHSA-fj58-h2fr-3pp2

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-07T20:47:33.337154+00:00	GHSA Importer	Fixing	VCID-cv8f-wc36-eyb3	https://github.com/advisories/GHSA-fj58-h2fr-3pp2	38.6.0
2026-06-04T17:25:18.883947+00:00	GithubOSV Importer	Fixing	VCID-cv8f-wc36-eyb3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-fj58-h2fr-3pp2/GHSA-fj58-h2fr-3pp2.json	38.6.0