Validator CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-56200	2 Validator Project, Validatorjs	2 Validator, Validator.js	2025-10-18	6.1 Medium
A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.
CVE-2021-3765	2 Redhat, Validator Project	2 Openshift Data Foundation, Validator	2024-11-21	7.5 High
validator.js is vulnerable to Inefficient Regular Expression Complexity

Page 1 of 1.