NodeJS/jquery-validation/1.19.4-pre
Client-side form validation made easy
https://www.npmjs.com/package/jquery-validation
MIT
3 Security Vulnerabilities
jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method
- https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3
- https://github.com/advisories/GHSA-ffmh-x56j-9rc3
- https://nvd.nist.gov/vuln/detail/CVE-2022-31147
- https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd
- https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5
Summary
Incomplete fix of CVE-2021-43306: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method.
Regular expression denial of service in jquery-validation
- https://nvd.nist.gov/vuln/detail/CVE-2021-43306
- https://research.jfrog.com/vulnerabilities/jquery-validation-redos-xray-211348/
- https://github.com/jquery-validation/jquery-validation/commit/69cb17ed774b427f7e2ffcdf197968231725c30e
- https://github.com/advisories/GHSA-j9m2-h2pv-wvph
- https://github.com/jquery-validation/jquery-validation/pull/2428
- https://research.jfrog.com/vulnerabilities/jquery-validation-redos-xray-211348
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package when an attacker is able to supply arbitrary input to the url2 method.
jquery-validation vulnerable to Cross-site Scripting
- https://nvd.nist.gov/vuln/detail/CVE-2025-3573
- https://github.com/jquery-validation/jquery-validation/pull/2462
- https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902
- https://security.snyk.io/vuln/SNYK-JS-JQUERYVALIDATION-5952285
- https://github.com/advisories/GHSA-rrj2-ph5q-jxw2
Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.
21 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 1.22.1 | MIT | | 2026-02-18 - 12:00 | 3 months |
| 1.22.0 | MIT | | 2026-01-22 - 15:49 | 4 months |
| 1.21.0 | MIT | | 2024-07-17 - 09:45 | almost 2 years |
| 1.20.1 | MIT | | 2024-06-13 - 13:34 | almost 2 years |
| 1.20.0 | MIT | | 2023-10-09 - 23:15 | over 2 years |
| 1.19.5 | MIT | 1 | 2022-07-01 - 15:22 | almost 4 years |
| 1.19.5-pre | MIT | 2 | 2022-05-19 - 15:51 | almost 4 years |
| 1.19.4 | MIT | 2 | 2022-05-19 - 15:50 | almost 4 years |
| 1.19.4-pre | MIT | 3 | 2022-04-12 - 16:30 | about 4 years |
| 1.19.3 | MIT | 3 | 2021-01-09 - 15:55 | over 5 years |
| 1.19.2 | MIT | 4 | 2020-05-23 - 08:35 | almost 6 years |
| 1.19.1 | MIT | 4 | 2019-06-15 - 06:34 | almost 7 years |
| 1.19.0 | MIT | 4 | 2018-11-28 - 18:36 | over 7 years |
| 1.18.0 | MIT | 4 | 2018-09-09 - 18:39 | over 7 years |
| 1.17.0 | MIT | 4 | 2017-07-29 - 07:31 | almost 9 years |
| 1.16.0 | MIT | 4 | 2016-12-02 - 12:51 | over 9 years |
| 1.15.1 | MIT | 4 | 2016-07-22 - 15:51 | almost 10 years |
| 1.15.0 | MIT | 4 | 2016-02-25 - 09:02 | about 10 years |
| 1.15.0-pre | MIT | 4 | 2016-02-25 - 08:53 | about 10 years |
| 1.14.0 | MIT | 4 | 2015-06-30 - 16:14 | almost 11 years |
| 1.13.1 | MIT | 4 | 2014-10-17 - 14:07 | over 11 years |
