Vulnerabilities affecting this package (0)

| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

Vulnerabilities fixed by this package (2)

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-khpz-njyn-5qd1 | **Regular Expression Denial of Service in npm-user-validate**<br>`npm-user-validate` before version `1.0.1` is vulnerable to a Regular Expression Denial of Service (ReDoS). The regex that validates user emails took exponentially longer to process long input strings beginning with `@` characters.<br>**Impact:** The issue affects the `email` function. If you use this function to process arbitrary user input with no character limit, the application may be susceptible to Denial of Service.<br>**Patches:** The issue is patched in version 1.0.1 by improving the regular expression used and also enforcing a 254 character limit.<br>**Workarounds:** Restrict the character length to a reasonable degree before passing a value to `.email()`; also, consider doing more rigorous sanitizing/validation beforehand. | GHSA-xgh6-85xh-479p |
| VCID-v5h1-gpt1-97bj | **Regular expression denial of service in npm-user-validate**<br>This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. | CVE-2020-7754<br>GHSA-pw54-mh39-w3hc |