validator

npm7 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting validatorpage 1 of 1

CVE-2013-7451MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.1.0
2017-01-23
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
CVE-2013-7452MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.1.0
2017-01-23
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
CVE-2013-7453MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.1.0
2017-01-23
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
CVE-2013-7454MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.1.0
2017-01-23
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
CVE-2014-9772MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.0.0
2017-01-23
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
CVE-2021-3765HIGHCVSS 7.5EG 7.5✓ Fixed in 13.7.0
2021-11-02
validator.js is vulnerable to Inefficient Regular Expression Complexity
CVE-2025-12758HIGHCVSS 7.5EG 7.5✓ Fixed in 13.15.22
2025-11-27
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) a…

Check whether validator is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for validator CVEs against the assets you own.

Start Free Scan →