VulnerableCode Package Details - pkg:npm/serve@6.4.6

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/serve@6.4.6

Essentials
History (7)

purl	pkg:npm/serve@6.4.6

Next non-vulnerable version	10.1.2
Latest non-vulnerable version	10.1.2
Risk	4.2

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-b1jn-wqse-wqdk Aliases: CVE-2019-5415 GHSA-v588-qcp3-jv46	Path Traversal in serve	7.0.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-fagg-e2tb-zygy Aliases: CVE-2018-3712 GHSA-q2qh-cgc2-qhr3	Directory Traversal in serve	6.4.9 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gsha-1uc8-9fdb Aliases: GHSA-cpgr-wmr9-qxv4 GMS-2020-774	Cross-Site Scripting in serve	10.0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-r6cv-1gqj-27dv Aliases: GHSA-48gc-5j93-5cfq GMS-2020-773	Path Traversal in serve	10.1.2 Affected by 0 other vulnerabilities.
VCID-t7uu-35ze-3uas Aliases: GHSA-wm7q-rxch-43mx GMS-2020-775	Byass due to validation before canonicalization in serve	6.5.2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xkwm-jspu-77be Aliases: CVE-2018-3718 GHSA-5rc4-8qqh-vq7f		6.5.2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-y2zp-h76y-kkcj Aliases: GHSA-xw79-hhv6-578c GMS-2020-776	Cross-Site Scripting in serve	10.0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T16:44:19.746761+00:00	GitLab Importer	Affected by	VCID-r6cv-1gqj-27dv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/serve/GMS-2020-773.yml	38.6.0
2026-06-13T16:44:14.341847+00:00	GitLab Importer	Affected by	VCID-gsha-1uc8-9fdb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/serve/GMS-2020-774.yml	38.6.0
2026-06-13T16:44:11.635172+00:00	GitLab Importer	Affected by	VCID-y2zp-h76y-kkcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/serve/GMS-2020-776.yml	38.6.0
2026-06-13T16:40:49.796312+00:00	GitLab Importer	Affected by	VCID-t7uu-35ze-3uas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/serve/GMS-2020-775.yml	38.6.0
2026-06-12T17:09:20.363109+00:00	GitLab Importer	Affected by	VCID-b1jn-wqse-wqdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/serve/CVE-2019-5415.yml	38.6.0
2026-06-12T17:00:24.356515+00:00	GitLab Importer	Affected by	VCID-xkwm-jspu-77be	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/serve/CVE-2018-3718.yml	38.6.0
2026-06-12T16:59:58.607562+00:00	GitLab Importer	Affected by	VCID-fagg-e2tb-zygy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/serve/CVE-2018-3712.yml	38.6.0