Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/validator@8.0.0

Type npm

Namespace

Name validator

Version 8.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 13.15.22

Latest_non_vulnerable_version 13.15.22

Affected_by_vulnerabilities

url VCID-4zv9-cpgr-nyep

vulnerability_id VCID-4zv9-cpgr-nyep

summary

validator.js has a URL validation bypass vulnerability in its isURL function
A URL validation bypass vulnerability exists in validator.js prior to version 13.15.20. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-56200

reference_id

reference_type

scores

value	0.00054
scoring_system	epss
scoring_elements	0.17079
published_at	2026-06-08T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17097
published_at	2026-06-09T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17198
published_at	2026-06-05T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17193
published_at	2026-06-06T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17158
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-56200

reference_url

https://gist.github.com/junan-98/27ae092aa40e2a057d41a0f95148f666

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:34:38Z/

url

https://gist.github.com/junan-98/27ae092aa40e2a057d41a0f95148f666

reference_url

https://gist.github.com/junan-98/a93130505b258b9e4ec9f393e7533596

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:34:38Z/

url

https://gist.github.com/junan-98/a93130505b258b9e4ec9f393e7533596

reference_url

https://github.com/validatorjs/validator.js

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:34:38Z/

url

https://github.com/validatorjs/validator.js

reference_url

https://github.com/validatorjs/validator.js/commit/cbef5088f02d36caf978f378bb845fe49bdc0809

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/validatorjs/validator.js/commit/cbef5088f02d36caf978f378bb845fe49bdc0809

reference_url

https://github.com/validatorjs/validator.js/issues/2600

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/validatorjs/validator.js/issues/2600

reference_url

https://github.com/validatorjs/validator.js/pull/2608

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/validatorjs/validator.js/pull/2608

reference_url

https://github.com/validatorjs/validator.js/releases/tag/13.15.20

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/validatorjs/validator.js/releases/tag/13.15.20

reference_url

http://validatorjs.com

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:34:38Z/

url

http://validatorjs.com

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-56200

reference_id

CVE-2025-56200

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-56200

reference_url

https://github.com/advisories/GHSA-9965-vmph-33xx

reference_id

GHSA-9965-vmph-33xx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9965-vmph-33xx

fixed_packages

url pkg:npm/validator@13.15.20

purl pkg:npm/validator@13.15.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hr9j-sp88-yqcp

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/validator@13.15.20

aliases CVE-2025-56200, GHSA-9965-vmph-33xx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zv9-cpgr-nyep

url VCID-5y3j-q5mp-p3cf

vulnerability_id VCID-5y3j-q5mp-p3cf

summary validator.js is vulnerable to Inefficient Regular Expression Complexity

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3765.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3765.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3765

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13721
published_at	2026-06-04T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.138
published_at	2026-06-05T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18462
published_at	2026-06-08T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18544
published_at	2026-06-07T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18582
published_at	2026-06-06T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18482
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3765

reference_url

https://github.com/validatorjs/validator.js

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/validatorjs/validator.js

reference_url

https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1

reference_url

https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2126299
reference_id	2126299
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2126299

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3765

reference_id

CVE-2021-3765

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3765

reference_url

https://github.com/advisories/GHSA-qgmg-gppg-76g5

reference_id

GHSA-qgmg-gppg-76g5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qgmg-gppg-76g5

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

reference_url	https://access.redhat.com/errata/RHSA-2023:7820
reference_id	RHSA-2023:7820
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7820

fixed_packages

url pkg:npm/validator@13.7.0

purl pkg:npm/validator@13.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4zv9-cpgr-nyep

vulnerability	VCID-hr9j-sp88-yqcp

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/validator@13.7.0

aliases CVE-2021-3765, GHSA-qgmg-gppg-76g5

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5y3j-q5mp-p3cf

url VCID-hr9j-sp88-yqcp

vulnerability_id VCID-hr9j-sp88-yqcp

summary

Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-12758

reference_id

reference_type

scores

value	0.00112
scoring_system	epss
scoring_elements	0.29382
published_at	2026-06-05T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29292
published_at	2026-06-09T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29279
published_at	2026-06-08T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29313
published_at	2026-06-07T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29348
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-12758

reference_url

http://seclists.org/fulldisclosure/2026/Jan/27

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2026/Jan/27

reference_url

https://gist.github.com/koral--/ad31208b25b9e3d1e2e35f1d4d72572e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:27:54Z/

url

https://gist.github.com/koral--/ad31208b25b9e3d1e2e35f1d4d72572e

reference_url

https://github.com/validatorjs/validator.js

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/validatorjs/validator.js

reference_url

https://github.com/validatorjs/validator.js/commit/d457ecaf55b0f3d8bd379d82757425d0d13dd382

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/validatorjs/validator.js/commit/d457ecaf55b0f3d8bd379d82757425d0d13dd382

reference_url

https://github.com/validatorjs/validator.js/pull/2616

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:27:54Z/

url

https://github.com/validatorjs/validator.js/pull/2616

reference_url

https://security.snyk.io/vuln/SNYK-JS-VALIDATOR-13653476

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:27:54Z/

url

https://security.snyk.io/vuln/SNYK-JS-VALIDATOR-13653476

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-12758

reference_id

CVE-2025-12758

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-12758

reference_url

https://github.com/advisories/GHSA-vghf-hv5q-vc2g

reference_id

GHSA-vghf-hv5q-vc2g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vghf-hv5q-vc2g

fixed_packages

url	pkg:npm/validator@13.15.22
purl	pkg:npm/validator@13.15.22
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/validator@13.15.22

aliases CVE-2025-12758, GHSA-vghf-hv5q-vc2g

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hr9j-sp88-yqcp

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/validator@8.0.0

Package Instance