Does RequestGuard fix vulnerabilities in url-parse?

No. RequestGuard does not fix npm package vulnerabilities. Use package updates, patches, lockfile changes, and maintainer guidance for dependency remediation.

What does RequestGuard help with while a dependency is being remediated?

RequestGuard helps mitigate runtime abuse against exposed signup, checkout, login, form, and API flows with allow, challenge, review, and block decisions.

Does no OSV advisory mean the package is safe?

No. Missing OSV advisories only means no known advisory was returned by that source at the time checked. Continue auditing and monitoring dependencies.

npm vulnerability intelligence

url-parse NPM Package
Vulnerability Check

Small footprint URL parser that works seamlessly across Node.js and browser environments

Critical MIT v1.5.10

Vulnerability Analysis OSV Live

url-parse

v1.5.10 · MIT · 39,648,837 dl/wk

Advisory Breakdown

Critical 2

High 0

Moderate 6

Low 0

Severity Rating

Critical

8 advisories

Critical

Weekly downloads

39,648,837

Total advisories

Latest version

1.5.10

License

MIT

Advisories Package Info Runtime

Known advisories

OSV records for the npm ecosystem

GHSA-46c4-8wrp-j99v CVE-2020-8124 moderate

Improper Validation and Sanitization in url-parse

Affected: >=0.1.0 <1.4.5 Fixed in: 1.4.5 Updated Feb 3, 2026

View source

GHSA-8v38-pw62-9cw2 CVE-2022-0639 moderate

url-parse Incorrectly parses URLs that include an '@'

Affected: >=1.0.0 <1.5.7 Fixed in: 1.5.7 Updated Feb 22, 2026

View source

GHSA-9m6j-fcg5-2442 CVE-2021-27515 moderate

Path traversal in url-parse

Affected: >=0.1.0 <1.5.0 Fixed in: 1.5.0 Updated Feb 3, 2026

View source

GHSA-hgjh-723h-mx2j CVE-2022-0686 critical

Authorization Bypass Through User-Controlled Key in url-parse

Affected: >=0 <1.5.8 Fixed in: 1.5.8 Updated Nov 8, 2023

View source

GHSA-hh27-ffr2-f2jc CVE-2021-3664 moderate

Open redirect in url-parse

Affected: >=0.1.0 <1.5.2 Fixed in: 1.5.2 Updated Feb 3, 2026

View source

GHSA-jf5r-8hm2-f872 CVE-2022-0691 moderate

url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.

Affected: >=0.1.0 <1.5.9 Fixed in: 1.5.9 Updated Feb 3, 2026

View source

GHSA-pv4c-p2j5-38j4 CVE-2018-3774 critical

Open Redirect in url-parse

Affected: >=1.0.0 <1.4.3 Fixed in: 1.4.3 Updated Feb 3, 2026

View source

GHSA-rqff-837h-mm52 CVE-2022-0512 moderate

Authorization bypass in url-parse

Affected: >=0.1.0 <1.5.6 Fixed in: 1.5.6 Updated Feb 22, 2026

View source

Checked Jun 15, 2026, 10:37 AM from npm and OSV.dev

Package metadata

From the npm registry

Package name: url-parse
Ecosystem: npm
Latest version: 1.5.10
License: MIT
Weekly downloads: 39,648,837
Repository: Open repository

Remediation boundary

What RequestGuard does — and doesn't — cover

RequestGuard does not fix npm package vulnerabilities. Dependency remediation happens through package updates, patches, lockfile changes, and maintainer guidance. RequestGuard can help mitigate runtime abuse around exposed web and API flows while remediation is handled separately.

Signup flows

API traffic

Protect runtime flows →

Allow, challenge, review, and block decisions for exposed endpoints.

Data from npm registry and OSV.dev · Checked 6/15/2026, 10:37:27 AM

Lookups

Domain Radar

Email Risk

Traffic Abuse

Lookups

Domain Radar

Email Risk

Traffic Abuse

url-parse NPM Package
Vulnerability Check

Known advisories

Package metadata

Remediation boundary

Lookups

Domain Radar

Email Risk

Traffic Abuse

url-parse NPM PackageVulnerability Check

Known advisories

Package metadata

Remediation boundary

url-parse NPM Package
Vulnerability Check