Medium Vulnerability in validator@13.15.15 (CVE-2025-56200)

[SrideviE50254]

Hi,

My application is currently using validator module version 13.15.15. and a medium-severity vulnerability has been identified in the validator module.

Please upgrade the validator module.

Attached is the screenshot of the vulnerability reported in Mend Bolt.

[igormpmartins]

We have the issue and would like to know if there's an plans for upgrading this, as well as plans for releasing a new version for this library.

[WikiRik]

Yes, we will resolve this issue in the next version. You are only affected if you use the isURL validator to parse URLs that are direct user input

[sebastien-savalle]

We have also the issue in our project. When do you plan to publish a new version ? Thanks

[TarasRospodniuk]

We also faced the issue, and we'd like to know if it's going to be fixed in the next few days. Thanks!

[johnemorris]

The issue was flagged for me today as well by MEND and will gate our CI/CD process. Please advise on release date.

[laneme]

Yes, we will resolve this issue in the next version. You are only affected if you use the isURL validator to parse URLs that are direct user input

WikiRik Thank you.

I think a lot of people do use it instead of their usual validation lib to validate user input, because how flexible isURL is.

[l205306]

From NPM

[SSP6904]

This issue seems to be present with the latest version of Sequelize and I'm not able to update it for some reason.

[a-safadi]

Is it gonna solve soon?