CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

28 matches found

Veracode•added 2025/12/11 8:41 a.m.•3 views

URL Validation Bypass

validator.js is vulnerable to a URL Validation Bypass. The vulnerability is due to isURL using :// instead of : to parse protocols, allowing attackers to craft URLs that bypass protocol and domain checks and potentially enable XSS or open-redirect attacks...

6.1CVSS6.4AI score0.0005EPSS

Exploits1References3Affected Software1

CNNVD•added 2025/11/27 12:0 a.m.•1 views

Validator.js 安全漏洞

Validator.js is a string validator open source by validatorjs A security vulnerability exists in Validator.js versions prior to 13.15.22, which stems from the isLength function not taking into account the Unicode variant selector, which could lead to improper string length calculation...

8.7CVSS4.3AI score0.00112EPSS

Exploits2References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-31764

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.0005EPSS

Exploits1References5

RedhatCVE•added 2025/10/01 12:42 a.m.•1 views

CVE-2025-56200

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leadi...

6.1CVSS6.3AI score0.0005EPSS

Exploits1References1

Github Security Blog•added 2025/09/30 6:30 p.m.•4 views

validator.js has a URL validation bypass vulnerability in its isURL function

A URL validation bypass vulnerability exists in validator.js prior to version 13.15.20. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs...

6.1CVSS6.1AI score0.0005EPSS

Exploits1References10Affected Software1

OSV•added 2025/09/30 6:30 p.m.•1 views

GHSA-9965-VMPH-33XX validator.js has a URL validation bypass vulnerability in its isURL function

A URL validation bypass vulnerability exists in validator.js prior to version 13.15.20. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs...

6.1CVSS6.1AI score0.0005EPSS

Exploits1References9

NVD•added 2025/09/30 6:15 p.m.•4 views

CVE-2025-56200

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leadi...

6.1CVSS0.0005EPSS

Exploits1References4

OSV•added 2025/09/30 6:15 p.m.•1 views

CVE-2025-56200

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leadi...

6.1CVSS6.3AI score

Exploits0References4

OSV•added 2025/09/30 6:15 p.m.•0 views

UBUNTU-CVE-2025-56200

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leadi...

6.1CVSS6.7AI score0.0005EPSS

Exploits1References2

Cvelist•added 2025/09/30 12:0 a.m.•5 views

CVE-2025-56200

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leadi...

Exploits1References4

CNNVD•added 2025/09/30 12:0 a.m.•1 views

validator.js 安全漏洞

Validator.js is a string validator A security vulnerability exists in validator.js version 13.15.15 and earlier, which stems from a URL validation bypass that could lead to cross-site scripting and open redirection attacks...

6.1CVSS5.8AI score0.0005EPSS

Exploits1References5

CVE•added 2025/09/30 12:0 a.m.•14 views

CVE-2025-56200

CVE-2025-56200 : Validator.js contains a URL validation bypass through version 13.15.15. The isURL() function splits on '://', but browsers use ':'; this allows crafting URLs that bypass protocol/domain checks and may enable XSS or open redirects. Connected sources indicate a fix is available in ...

6.1CVSS6AI score0.0005EPSS

Exploits1References4Affected Software1

Tenable Nessus•added 2025/09/02 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2021-3765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - validator.js is vulnerable to Inefficient Regular Expression Complexity CVE-2021-3765 Note that Nessus relies on the presence of the package as reported by the...

7.5CVSS6.4AI score0.00044EPSS

Exploits1References2

IBM Security Bulletins•added 2022/12/05 7:0 p.m.•47 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, swagger, jQuery, Netty, Apache commons, validator.js, Chalk ansi-regex, Json-schema, Java SE and IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2021-4453...

9.8CVSS9.7AI score0.8042EPSS

Exploits29Affected Software1

Github Security Blog•added 2021/11/19 8:14 p.m.•17 views

Inefficient Regular Expression Complexity in Validator.js

Impact Versions of validator prior to 13.7.0 are affected by an inefficient Regular Expression complexity when using the rtrim and trim sanitizers. Patches The problem has been patched in validator 13.7.0...

7.5CVSS3.7AI score0.00044EPSS

Exploits1References6Affected Software1

OSV•added 2021/11/03 5:34 p.m.•33 views

GHSA-QGMG-GPPG-76G5 Inefficient Regular Expression Complexity in validator.js

validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity...

5.3CVSS8.3AI score0.00044EPSS

Exploits1References4

Github Security Blog•added 2021/11/03 5:34 p.m.•333 views

Inefficient Regular Expression Complexity in validator.js

validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity...

7.5CVSS7.5AI score0.00044EPSS

Exploits1References4Affected Software1

OSV•added 2021/11/02 7:15 a.m.•18 views

CVE-2021-3765

validator.js is vulnerable to Inefficient Regular Expression Complexity...

7.5CVSS6.6AI score

Exploits0References2

NVD•added 2021/11/02 7:15 a.m.•13 views

CVE-2021-3765

validator.js is vulnerable to Inefficient Regular Expression Complexity...

7.5CVSS0.00044EPSS

Exploits1References2

UbuntuCve•added 2021/11/02 7:15 a.m.•25 views

CVE-2021-3765

validator.js is vulnerable to Inefficient Regular Expression Complexity...

7.5CVSS6.4AI score0.00044EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by