OSV - Open Source Vulnerabilities

MAL-2026-4142

npm/jest-url-loader

Malicious code in jest-url-loader (npm)

19 May

No fix available

GHSA-h7xc-4mv8-59fj

PyPI/mcp-url-downloader

mcp-url-downloader has a Server-Side Request Forgery issue

27 Apr

No fix available
Severity - 5.5 (Medium)

MAL-2026-2701

npm/sanitize-url

Malicious code in sanitize-url (npm)

16 Apr

No fix available

GHSA-8fgx-wgvr-pcx8

npm/js-video-url-parser

Zod jsVideoUrlParser vulnerable to ReDoS in util.js

10 Apr

No fix available
Severity - 5.5 (Medium)

MAL-2026-1260

npm/webmd-url

Malicious code in webmd-url (npm)

06 Mar

No fix available

MAL-2026-56

npm/@crepo/crepo-url-query-mapper

Malicious code in @crepo/crepo-url-query-mapper (npm)

05 Jan

No fix available

DLA-4413-1

Debian:11/node-url-parse

node-url-parse - security update

16 Dec 2025

Fix available

MAL-2025-190940

npm/url-encode-decode

Malicious code in url-encode-decode (npm)

24 Nov 2025

No fix available

MAL-2025-190897

npm/@posthog/url-normalizer-plugin

Malicious code in @posthog/url-normalizer-plugin (npm)

24 Nov 2025

No fix available

MAL-2025-49155

npm/epic-gtm-url-checker

Malicious code in epic-gtm-url-checker (npm)

30 Oct 2025

No fix available

MAL-2025-47310

npm/ember-url-hash-polyfill

Malicious code in ember-url-hash-polyfill (npm)

16 Sep 2025

No fix available

MAL-2025-41252

npm/@navify-platform/url

Malicious code in @navify-platform/url (npm)

20 Aug 2025

No fix available

MAL-2025-14821

npm/argos-findability-url-builder

Malicious code in argos-findability-url-builder (npm)

14 Aug 2025

No fix available

MAL-2025-15753

npm/bitcoin-url

Malicious code in bitcoin-url (npm)

14 Aug 2025

No fix available

MAL-2025-17181

npm/cloudinary-url-builder

Malicious code in cloudinary-url-builder (npm)

14 Aug 2025

No fix available

MAL-2025-19564

npm/ember-normalize-url-shim

Malicious code in ember-normalize-url-shim (npm)

14 Aug 2025

No fix available