CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Validator Project: >> Validator >> 3.3.0 Security Vulnerabilities

CVE-2025-56200

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.

CVSS Score

6.1

EPSS Score

0.0

Published

2025-09-30

CVE-2021-3765

validator.js is vulnerable to Inefficient Regular Expression Complexity

CVSS Score

5.3

EPSS Score

0.0

Published

2021-11-02

Page 1

Vulnerabilities

Vulnerable Software

Validator Project: >> Validator >> 3.3.0 Security Vulnerabilities

Products

Pricing

Contact Us