Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
url-parse project url-parse vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-27515
url-parse prior to 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
Url-parse Project Url-parse
5.3
CVSSv3
CVE-2020-8124
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and previous versions may allow malicious user to bypass security checks.
Url-parse Project Url-parse
10
CVSSv3
CVE-2018-3774
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
Url-parse Project Url-parse
1 Github repository
9.1
CVSSv3
CVE-2022-0686
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.8.
Url-parse Project Url-parse
5.3
CVSSv3
CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.6.
Url-parse Project Url-parse
9.8
CVSSv3
CVE-2022-0691
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.9.
Url-parse Project Url-parse
5.3
CVSSv3
CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.7.
Url-parse Project Url-parse
5.3
CVSSv3
CVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site
Url-parse Project Url-parse
7.5
CVSSv3
CVE-2023-33290
The git-url-parse crate up to and including 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).
Git-url-parse Project Git-url-parse
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started