
7 matches found

Veracode
added 2025/11/17 9:19 a.m., 3 views

Improper Input Validation

@nubosoftware/node-static is vulnerable to improper input validation. The vulnerability is due to the package failing to handle null-byte %00 input correctly, which allows an attacker to trigger an exception and crash the server...

CVSS 7.5, AI score 7, EPSS 0.00017
Exploits 0, References 3, Affected Software 2
CNNVD
added 2025/09/30 12:0 a.m., 1 views

node-static security vulnerability

node-static is an RFC 2616-compliant HTTP static file server module with built-in caching by Alexis Sellier, an individual developer. A security vulnerability exists in node-static that stems from an uncaught exception on user input containing a null byte, which could cause the server to crash...

CVSS 7.5, AI score 6.3, EPSS 0.00017
Exploits 0, References 3
OSV
added 2023/03/06 6:30 a.m., 0 views

GHSA-5G97-WHC9-8G7J node-static and @nubosoftware/node-static vulnerable to Directory Traversal

node-static and its fork, @nubosoftware/node-static, are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...

CVSS 7.5, AI score 7.1, EPSS 0.0132
Exploits 1, References 6
vulnersOsv
added 2022/11/28 12:55 p.m., 0 views

277snippet-cli (>=1.0.0 <=1.0.2), 40au-isteven-angular-multiselect (=4.0.0) +740 more potentially affected by CVE-2023-26111 via node-static (>=0.5.6 <=0.7.9)

node-static NPM version =0.5.6, =1.0.0, =1.0.5, =0.0.5, =0.0.1, =0.0.1, =17.0.6 and more Source cves: CVE-2023-26111 Source advisory: SNYK:JS-NODESTATIC-3149928...

CVSS 7.5, AI score 7.1, EPSS 0.0132
Exploits 1
vulnersOsv
added 2021/09/22 6:22 p.m., 1 views

40au-isteven-angular-multiselect (=4.0.0), @abcd19/st-grid (=3.1.0) +724 more potentially affected by CVE-2025-11149 via node-static (>=0.5.6 <=0.7.11)

node-static NPM version =0.5.6, =1.0.5, =0.0.5, =0.0.1, =0.0.1, =17.0.6 - @beadswap/lib =0.0.1 and more Source cves: CVE-2025-11149 Source advisory: OSV:GHSA-8R4G-CG4M-X23C...

CVSS 7.5, AI score 5.8, EPSS 0.00017
Exploits 0
vulnersOsv
added 2021/05/28 1:36 p.m., 1 views

277snippet-cli (>=1.0.0 <=1.0.2), 40au-isteven-angular-multiselect (=4.0.0) +740 more potentially affected by CVE-2025-11149 via node-static (>=0.5.6 <=0.7.9)

node-static NPM version =0.5.6, =1.0.0, =1.0.5, =0.0.5, =0.0.1, =0.0.1, =17.0.6 and more Source cves: CVE-2025-11149 Source advisory: SNYK:JS-NODESTATIC-1297183...

CVSS 7.5, AI score 5.8, EPSS 0.00017
Exploits 0
Veracode
added 2019/01/14 10:22 a.m., 9 views

Denial Of Service (DoS)

node-static is vulnerable to denial of service (DoS). The attack exists because it does not properly handle the argument 'path', allowing the attacker to input the path \u0000 (NULL) to crash fs.stat with the error message "TypeError [ERR_INVALID_ARG_VALUE]: The argument 'path' must be a string or...

AI score 6.4
Exploits 0