Impact Versions of validator prior to 13.7.0 are affected by an inefficient Regular Expression complexity when using the rtrim and trim sanitizers. Patches The problem has been patched in validator 13.7.0
validator.js is vulnerable to Inefficient Regular Expression Complexity
Versions of validator prior to 3.22.1 are affected by a regular expression denial of service vulnerability in the isURL method. Recommendation Update to version 3.22.1 or later.
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
The validator module is vulnerable to Regular Expression Denial of Service (ReDoS) in the isURL method.
The module contains functionality meant to filter potential XSS attacks but that can be bypassed.