VulnerableCode Package Details - pkg:npm/m-server@1.3.3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/m-server@1.3.3

Essentials
History (3)

purl	pkg:npm/m-server@1.3.3

Next non-vulnerable version	1.4.2
Latest non-vulnerable version	1.4.2
Risk	3.1

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-7cwe-vfmf-nbau Aliases: CVE-2018-16484 GHSA-gmxv-xf2q-6j8m	Cross-site Scripting A XSS vulnerability was found in module m-server that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.	1.4.2 Affected by 0 other vulnerabilities.
VCID-wp6b-9r5n-h3h6 Aliases: GHSA-vc6r-4x6g-mmqc GMS-2019-133	Relative Path Traversal in m-server.	1.4.2 Affected by 0 other vulnerabilities.
VCID-wxay-9sqd-uqgm Aliases: CVE-2018-16485 GHSA-899g-6q6w-7v94	Path Traversal vulnerability in module m-server allows malicious user to access unauthorized content of any file in the directory tree e.g. `/etc/passwd` by appending slashes to the URL request.	1.4.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T09:57:18.474785+00:00	GitLab Importer	Affected by	VCID-wp6b-9r5n-h3h6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/m-server/GMS-2019-133.yml	38.6.0
2026-05-31T09:53:26.000158+00:00	GitLab Importer	Affected by	VCID-wxay-9sqd-uqgm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/m-server/CVE-2018-16485.yml	38.6.0
2026-05-31T09:53:24.816048+00:00	GitLab Importer	Affected by	VCID-7cwe-vfmf-nbau	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/m-server/CVE-2018-16484.yml	38.6.0