Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/sexstatic@0.6.2
purl pkg:npm/sexstatic@0.6.2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-52kv-7p56-5kcf
Aliases:
CVE-2018-3755
[sexstatic] HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:37:44.933690+00:00 GitLab Importer Affected by VCID-52kv-7p56-5kcf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sexstatic/CVE-2018-3755.yml 38.6.0
2026-06-02T03:45:05.019408+00:00 Npm Importer Affected by VCID-52kv-7p56-5kcf https://github.com/nodejs/security-wg/blob/main/vuln/npm/437.json 38.6.0