VulnerableCode Package Details - pkg:npm/validator@0.4.28

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/validator@0.4.28

Essentials
History (10)

purl	pkg:npm/validator@0.4.28

Next non-vulnerable version	13.15.22
Latest non-vulnerable version	13.15.22
Risk

Vulnerabilities affecting this package (10)

Vulnerability	Summary	Fixed by
VCID-39w3-x1bk-nyb7 Aliases: CVE-2013-7453 GHSA-552w-rqg8-gxxm	Moderate severity vulnerability that affects validator	1.1.0 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-4p6m-2sx4-c3bd Aliases: CVE-2021-3765 GHSA-qgmg-gppg-76g5		13.7.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-5ruz-v88w-qyh7 Aliases: CVE-2013-7451 GHSA-qpjp-7rp2-9c3f	Moderate severity vulnerability that affects validator	1.1.0 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7swp-dafu-83d3 Aliases: CVE-2013-7452 GHSA-rh6c-q938-3r9q	Moderate severity vulnerability that affects validator	1.1.0 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-h8xn-3sg3-muf8 Aliases: GMS-2014-24	The validator module is vulnerable to Regular Expression Denial of Service (ReDoS) in the isURL method.	3.22.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hgbu-3713-3fdw Aliases: CVE-2014-9772 GHSA-79mx-88w7-8f7q	XSS Filter Bypass via Encoded URL in validator	2.0.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rcz8-m4t1-97ct Aliases: CVE-2025-12758 GHSA-vghf-hv5q-vc2g	Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.	13.15.22 Affected by 0 other vulnerabilities.
VCID-vmxk-yu12-wbfb Aliases: CVE-2025-56200 GHSA-9965-vmph-33xx	A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.	13.15.20 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-yczk-5ap3-tkb1 Aliases: GMS-2013-14	XSS Filter Bypass The module contains functionality meant to filter potential XSS attacks but that can be bypassed.	2.0.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zr2r-3vvm-kkf6 Aliases: CVE-2013-7454 GHSA-q4qq-fm7q-cwp5	Multiple XSS Filter Bypasses in validator	1.1.0 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T20:37:03.273448+00:00	GitLab Importer	Affected by	VCID-rcz8-m4t1-97ct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/validator/CVE-2025-12758.yml	38.6.0
2026-06-12T20:22:27.447472+00:00	GitLab Importer	Affected by	VCID-vmxk-yu12-wbfb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/validator/CVE-2025-56200.yml	38.6.0
2026-06-12T17:50:11.486548+00:00	GitLab Importer	Affected by	VCID-4p6m-2sx4-c3bd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/validator/CVE-2021-3765.yml	38.6.0
2026-06-12T17:06:03.408642+00:00	GitLab Importer	Affected by	VCID-hgbu-3713-3fdw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/validator/CVE-2014-9772.yml	38.6.0
2026-06-12T16:55:31.230913+00:00	GitLab Importer	Affected by	VCID-7swp-dafu-83d3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/validator/CVE-2013-7452.yml	38.6.0
2026-06-12T16:55:30.622349+00:00	GitLab Importer	Affected by	VCID-zr2r-3vvm-kkf6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/validator/CVE-2013-7454.yml	38.6.0
2026-06-12T16:55:28.176085+00:00	GitLab Importer	Affected by	VCID-39w3-x1bk-nyb7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/validator/CVE-2013-7453.yml	38.6.0
2026-06-12T16:55:25.510676+00:00	GitLab Importer	Affected by	VCID-5ruz-v88w-qyh7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/validator/CVE-2013-7451.yml	38.6.0
2026-06-12T16:47:59.601209+00:00	GitLab Importer	Affected by	VCID-h8xn-3sg3-muf8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/validator/GMS-2014-24.yml	38.6.0
2026-06-12T16:46:37.186100+00:00	GitLab Importer	Affected by	VCID-yczk-5ap3-tkb1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/validator/GMS-2013-14.yml	38.6.0