VulnerableCode Package Details - pkg:npm/%40nubosoftware/node-static@0.7.11

Search for packages

Vulnerability	Summary	Fixed by
VCID-d5qz-j3ts-sqgb Aliases: CVE-2023-26111 GHSA-5g97-whc9-8g7j	node-static and @nubosoftware/node-static vulnerable to Directory Traversal node-static and its fork, @nubosoftware/node-static, are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.	There are no reported fixed by versions.
VCID-jreh-snyz-7kda Aliases: CVE-2025-11149 GHSA-27w5-gj5q-82fv	@nubosoftware/node-static failure to catch exception can result in server crash This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-d5qz-j3ts-sqgb
Aliases:
CVE-2023-26111
GHSA-5g97-whc9-8g7j

node-static and @nubosoftware/node-static vulnerable to Directory Traversal node-static and its fork, @nubosoftware/node-static, are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.

There are no reported fixed by versions.

VCID-jreh-snyz-7kda
Aliases:
CVE-2025-11149
GHSA-27w5-gj5q-82fv

@nubosoftware/node-static failure to catch exception can result in server crash This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-12T01:07:33.849208+00:00	GitLab Importer	Affected by	VCID-jreh-snyz-7kda	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@nubosoftware/node-static/CVE-2025-11149.yml	38.3.0
2026-04-11T23:41:37.334735+00:00	GitLab Importer	Affected by	VCID-d5qz-j3ts-sqgb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@nubosoftware/node-static/CVE-2023-26111.yml	38.3.0
2026-04-03T01:16:11.799462+00:00	GitLab Importer	Affected by	VCID-jreh-snyz-7kda	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@nubosoftware/node-static/CVE-2025-11149.yml	38.1.0
2026-04-02T23:45:36.156355+00:00	GitLab Importer	Affected by	VCID-d5qz-j3ts-sqgb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@nubosoftware/node-static/CVE-2023-26111.yml	38.1.0
2026-04-02T16:59:03.841012+00:00	GHSA Importer	Affected by	VCID-d5qz-j3ts-sqgb	https://github.com/advisories/GHSA-5g97-whc9-8g7j	38.1.0
2026-04-01T16:06:44.790409+00:00	GHSA Importer	Affected by	VCID-jreh-snyz-7kda	https://github.com/advisories/GHSA-27w5-gj5q-82fv	38.0.0
2026-04-01T12:52:56.169548+00:00	GitLab Importer	Affected by	VCID-jreh-snyz-7kda	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@nubosoftware/node-static/CVE-2025-11149.yml	38.0.0
2026-04-01T12:50:58.639900+00:00	GitLab Importer	Affected by	VCID-d5qz-j3ts-sqgb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@nubosoftware/node-static/CVE-2023-26111.yml	38.0.0