url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Affected versions >=0 <1.5.9
Authorization bypass in url-parse
Affected versions >=0 <1.5.6
Open redirect in url-parse
Affected versions >=0 <1.5.2
url-parse Incorrectly parses URLs that include an '@'
Affected versions >=0 <1.5.7
Authorization Bypass Through User-Controlled Key in url-parse
Affected versions >=0 <1.5.8