Browse Security Advisories
Moderate Security Advisories for serve in npm Clear Filters
Moderate
almost 4 years ago
vercel/serve allows access to restricted files if filename is URL encoded.
npm
serve
Filter by Severity
Filter by Ecosystem
maven
3,135
packagist
3,007
pypi
2,022
npm
1,354
go
1,273
nuget
659
rubygems
437
cargo
411
hex
16
swift
13
actions
7
pub
3
Filter by Package
directus
23
tinymce
14
tinymce/tinymce
11
bootstrap
11
TinyMCE
11
@openzeppelin/contracts
11
ckeditor4
11
@openzeppelin/contracts-upgradeable
11
vite
10
joplin
10
ghost
10
bootstrap
9
twbs/bootstrap
9
org.webjars:bootstrap
9
electron
9
angular
9
bootstrap
9
next
9
swagger-ui
9
parse-server
8
editor.md
8
nocodb
7
nodebb
7
bootstrap-sass
7
org.webjars.npm:jquery
7
validator
7
org.webjars.npm:jquery-ui
7
marked
7
uptime-kuma
7
jquery-rails
7
jquery-ui-rails
7
jquery-ui
7
jquery
7
bootstrap-sass
7
bootstrap.sass
7
jQuery.UI.Combined
7
vega
6
undici
6
flowise
6
jQuery
6
url-parse
6
sanitize-html
6
snyk-broker
6
urijs
6
tarteaucitronjs
5
matrix-js-sdk
5
vditor
5
matrix-appservice-irc
5
katex
5
n8n
5
@evershop/evershop
5
froala-editor
5
serve
4
rsshub
4
trix
4
yui
4
@directus/api
4
vega-functions
4
glance
4
dompurify
4
matrix-react-sdk
4
materialize-css
4
hono
3
follow-redirects
3
jose-node-cjs-runtime
3
apollo-server-core
3
jose-node-esm-runtime
3
@saltcorn/server
3
@materializecss/materialize
3
@ckeditor/ckeditor5-markdown-gfm
3
yapi-vendor
3
xlsx
3
systeminformation
3
mattermost-desktop
3
m-server
3
@jmondi/url-to-png
3
parse-url
3
valine
3
jose
3
express
3
public
3
@intlify/vue-i18n-core
3
@backstage/techdocs-common
3
@lobehub/chat
3
strapi
3
mysql
3
layui
3
moodle/moodle
3
org.webjars.npm:xlsx
3
django-tinymce
3
sequelize
3
next-auth
3
petite-vue-i18n
3
hapi
3
lodash
3
vue-i18n
3
postcss
3
renovate
3
statics-server
3
dojo
3
docsify
3
html-janitor
2
jodit
2
auth0-lock
2
@cloudflare/workers-oauth-provider
2
fast-jwt
2
@umbraco-cms/backoffice
2
gitbook
2
jszip
2
apollo-server
2
wrangler
2
serialize-javascript
2
json-pointer
2
sockjs
2
bootbox
2
erxes
2
typo3/cms
2
prismjs
2
rendertron
2
axios
2
saml2-js
2
@braintree/sanitize-url
2
forms
2
mxgraph
2
lodash-es
2
maximebf/debugbar
2
http-file-server
2
@adobe/css-tools
2
node-sass
2
summernote
2
harp
2
ejs
2
@haxtheweb/haxcms-nodejs
2
webpack-dev-server
2
http-proxy-middleware
2
pug-code-gen
2
pug
2
@directus/app
2
simple-markdown
2
nodemailer
2
mapbox.js
2
tough-cookie
2
@fedify/fedify
2
jsonwebtoken
2
@strapi/utils
2
keystone
2
connect
2
status-board
2
notevil
2
node-red-dashboard
2
astro
2
simditor
2
handlebars
2
socket.io
2
xmldom
2
mongo-express
2
components/jquery
2
ckeditor/ckeditor
2
mcp-markdownify-server
2
i18next
2
karma
2
@intlify/core
2
@auth0/nextjs-auth0
2
@finastra/nestjs-proxy
2
mysql2
2
Umbraco.Cms.StaticAssets
2
drupal/core
2
@intlify/core-base
2
engine.io
2
froala/wysiwyg-editor
2
drupal/drupal
2
jsrsasign
2
jsoneditor
2
aws-cdk
2
reveal.js
2
@strapi/plugin-content-manager
2
stimulsoft-dashboards-js
2
@directus/storage-driver-s3
2
jellyfin-web
2
psitransfer
2
google-closure-library
2
@openc3/tool-common
2
matrix-appservice-bridge
2
nunjucks
2
pnpm
2
openmct
2
converse.js
2
highlight.js
2
bl
2
openc3
2
jose-browser-runtime
2
swagger-ui-dist
2
@strapi/strapi
2
uap-core
2
nanoid
2
querymen
2
svelte
2
typo3/cms-core
2
keycloak-connect
2
openpgp
2