Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/node-static@0.7.8
Typenpm
Namespace
Namenode-static
Version0.7.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-1126-8m5u-5kbg
vulnerability_id VCID-1126-8m5u-5kbg
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://github.com/cloudhead/node-static
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudhead/node-static
1
reference_url https://github.com/cloudhead/node-static/blob/643a528ec7bbd05a59c4030655d94810570afb3f/CHANGES.md#-unreleased
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudhead/node-static/blob/643a528ec7bbd05a59c4030655d94810570afb3f/CHANGES.md#-unreleased
2
reference_url https://github.com/cloudhead/node-static/pull/213
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudhead/node-static/pull/213
3
reference_url https://github.com/github/advisory-database/pull/6248
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/6248
4
reference_url https://security.snyk.io/vuln/SNYK-JS-NODESTATIC-1297183
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JS-NODESTATIC-1297183
5
reference_url https://www.npmjs.com/advisories/1208
reference_id
reference_type
scores
url https://www.npmjs.com/advisories/1208
6
reference_url https://www.npmjs.com/package/node-static
reference_id
reference_type
scores
url https://www.npmjs.com/package/node-static
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-11149
reference_id CVE-2025-11149
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-11149
8
reference_url https://github.com/advisories/GHSA-8r4g-cg4m-x23c
reference_id GHSA-8r4g-cg4m-x23c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8r4g-cg4m-x23c
fixed_packages
aliases GHSA-8r4g-cg4m-x23c, GMS-2021-39
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1126-8m5u-5kbg
1
url VCID-d5qz-j3ts-sqgb
vulnerability_id VCID-d5qz-j3ts-sqgb
summary 
node-static and @nubosoftware/node-static vulnerable to Directory Traversal
node-static and its fork, @nubosoftware/node-static, are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26111
reference_id
reference_type
scores
0
value 0.0132
scoring_system epss
scoring_elements 0.79874
published_at 2026-04-09T12:55:00Z
1
value 0.0132
scoring_system epss
scoring_elements 0.7987
published_at 2026-04-13T12:55:00Z
2
value 0.0132
scoring_system epss
scoring_elements 0.79877
published_at 2026-04-12T12:55:00Z
3
value 0.0132
scoring_system epss
scoring_elements 0.79849
published_at 2026-04-04T12:55:00Z
4
value 0.0132
scoring_system epss
scoring_elements 0.79837
published_at 2026-04-07T12:55:00Z
5
value 0.0132
scoring_system epss
scoring_elements 0.79866
published_at 2026-04-08T12:55:00Z
6
value 0.0132
scoring_system epss
scoring_elements 0.79894
published_at 2026-04-11T12:55:00Z
7
value 0.01328
scoring_system epss
scoring_elements 0.79892
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26111
1
reference_url https://gist.github.com/lirantal/c80b28e7bee148dc287339cb483e42bc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:29:56Z/
url https://gist.github.com/lirantal/c80b28e7bee148dc287339cb483e42bc
2
reference_url https://github.com/cloudhead/node-static
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cloudhead/node-static
3
reference_url https://github.com/cloudhead/node-static/blob/master/lib/node-static.js#23L160-L163
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cloudhead/node-static/blob/master/lib/node-static.js#23L160-L163
4
reference_url https://security.snyk.io/vuln/SNYK-JS-NODESTATIC-3149928
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:29:56Z/
url https://security.snyk.io/vuln/SNYK-JS-NODESTATIC-3149928
5
reference_url https://security.snyk.io/vuln/SNYK-JS-NUBOSOFTWARENODESTATIC-3149927
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:29:56Z/
url https://security.snyk.io/vuln/SNYK-JS-NUBOSOFTWARENODESTATIC-3149927
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26111
reference_id CVE-2023-26111
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26111
7
reference_url https://github.com/advisories/GHSA-5g97-whc9-8g7j
reference_id GHSA-5g97-whc9-8g7j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5g97-whc9-8g7j
8
reference_url https://github.com/cloudhead/node-static/blob/master/lib/node-static.js%23L160-L163
reference_id node-static.js%23L160-L163
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:29:56Z/
url https://github.com/cloudhead/node-static/blob/master/lib/node-static.js%23L160-L163
fixed_packages
aliases CVE-2023-26111, GHSA-5g97-whc9-8g7j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5qz-j3ts-sqgb
2
url VCID-jreh-snyz-7kda
vulnerability_id VCID-jreh-snyz-7kda
summary 
@nubosoftware/node-static failure to catch exception can result in server crash
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11149.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11149.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-11149
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04128
published_at 2026-04-13T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04112
published_at 2026-04-02T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.0413
published_at 2026-04-04T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04146
published_at 2026-04-07T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.04178
published_at 2026-04-08T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.04192
published_at 2026-04-09T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.04171
published_at 2026-04-11T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.04154
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-11149
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11149
3
reference_url https://github.com/cloudhead/node-static
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cloudhead/node-static
4
reference_url https://github.com/cloudhead/node-static/commit/78879dc665f0f7137063794b6e0b6203a81c7f67
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:06:54Z/
url https://github.com/cloudhead/node-static/commit/78879dc665f0f7137063794b6e0b6203a81c7f67
5
reference_url https://github.com/github/advisory-database/pull/6248
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/6248
6
reference_url https://security.snyk.io/vuln/SNYK-JS-NODESTATIC-1297183
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:06:54Z/
url https://security.snyk.io/vuln/SNYK-JS-NODESTATIC-1297183
7
reference_url https://security.snyk.io/vuln/SNYK-JS-NUBOSOFTWARENODESTATIC-3330728
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:06:54Z/
url https://security.snyk.io/vuln/SNYK-JS-NUBOSOFTWARENODESTATIC-3330728
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117504
reference_id 1117504
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117504
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2400393
reference_id 2400393
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2400393
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-11149
reference_id CVE-2025-11149
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-11149
11
reference_url https://github.com/advisories/GHSA-27w5-gj5q-82fv
reference_id GHSA-27w5-gj5q-82fv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27w5-gj5q-82fv
fixed_packages
aliases CVE-2025-11149, GHSA-27w5-gj5q-82fv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jreh-snyz-7kda
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/node-static@0.7.8