Serve-static Project Serve-static — known CVE vulnerabilities
Every CVE whose affected-product data names Serve-static Project Serve-static, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (1)
CVE-2015-1164 — CVSS 4.3 (medium): Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to…