Node-static Project CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-11149	2 @nubosoftware/node-static Project, Node-static Project	2 @nubosoftware/node-static, Node-static	2025-10-02	7.5 High
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.
CVE-2023-26111	2 \@nubosoftware\/node-static Project, Node-static Project	2 \@nubosoftware\/node-static, Node-static	2025-03-05	7.5 High
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.

Page 1 of 1.