serve-static — CVE history (npm)
serve-static
2 CVEs affect the serve-static npm package (highest CVSS 5.0). Latest disclosed: 2024-09-10. Full CVE history sourced from NVD.
Summary
- Package
serve-static(npm)- Total CVEs
2- Actively exploited (CISA KEV)
- 0
- Highest CVSS
5.0- Latest disclosed
- 2024-09-10
Recent CVEs (top 2)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43800 | Medium | 5.0 | — | 2024-09-10 | serve-static serves static files. |
CVE-2015-1164 | — | — | — | 2015-01-21 | Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a d… |
All-time worst (top 1 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43800 | Medium | 5.0 | — | 2024-09-10 | serve-static serves static files. |