OsVault/npm/http_server
npm

http_server

14 known vulnerabilities · 0 critical · 2 high

CVE-2019-15600HIGH

Cross-Site Scripting in http_server

Published Mar 31, 2020
GHSA-8rpw-6cqh-2v9h

browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server

Published Jun 3, 2026
GHSA-r9pm-gxmw-wv6p

NodeVM network builtin exclusions bypass via internal _http_client and _http_server

Published May 29, 2026
CVE-2026-22812

OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

Published Jan 13, 2026
GHSA-6qvv-pj99-48qm

@adonisjs/http-server has an Open Redirect vulnerability

Published Apr 14, 2026
CVE-2021-23797HIGH

Path Traversal in http-server-node

Published Jan 5, 2022
CVE-2019-5457MEDIUM

Cross-Site Scripting in min-http-server

Published Jul 31, 2019
MAL-2026-2714

Malicious code in @gameforge/http-server (npm)

Published Apr 16, 2026
GHSA-vmhw-fhj6-m3g5

Path Traversal in angular-http-server

Published May 31, 2019
MAL-2025-4980

Malicious code in raise-http-server (npm)

Published Jun 16, 2025
GHSA-2r2p-4cgf-hv7h

engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection

Published Apr 22, 2026
CVE-2018-3713MEDIUM

Path Traversal in angular-http-server

Published Jul 26, 2018
GHSA-mxjx-28vx-xjjj

Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions

Published Jun 19, 2026
GHSA-v52w-28xh-v562

Kozou: Unauthenticated MCP HTTP server and bundled dev-stack hardening (DNS-rebinding, request-body limits, read-only reads, default network exposure)

Published Jun 19, 2026
Check your entire dependency tree at onceRun dependency scan →