npm vulnerability intelligence

serve-static NPM Package
Vulnerability Check

Serve static files

Low severity MIT v2.2.1
Vulnerability Analysis OSV Live

serve-static

v2.2.1 · MIT · 111,989,106 dl/wk

Advisory Breakdown

Critical 0
High 0
Moderate 0
Low 2

Severity Rating

Low severity

2 advisories

Low severity

Weekly downloads

111,989,106

Total advisories

2

Latest version

2.2.1

License

MIT

Advisories Package Info Runtime

Known advisories

OSV records for the npm ecosystem

2
GHSA-c3x7-gjmx-r2ff CVE-2015-1164 low

Open Redirect in serve-static

Affected: >=0 <1.7.2, >=1.7.0 <1.7.2 Fixed in: 1.7.2 Updated Nov 8, 2023
View source
GHSA-cm22-4g7w-348p CVE-2024-43800 low

serve-static vulnerable to template injection that can lead to XSS

Affected: >=0 <1.16.0, >=2.0.0 <2.1.0 Fixed in: 1.16.0, 2.1.0 Updated Feb 4, 2026
View source

Checked Jun 14, 2026, 10:28 PM from npm and OSV.dev

Package metadata

From the npm registry

Package name
serve-static
Ecosystem
npm
Latest version
2.2.1
License
MIT
Weekly downloads
111,989,106
Repository
Open repository

Remediation boundary

What RequestGuard does — and doesn't — cover

RequestGuard does not fix npm package vulnerabilities. Dependency remediation happens through package updates, patches, lockfile changes, and maintainer guidance. RequestGuard can help mitigate runtime abuse around exposed web and API flows while remediation is handled separately.

Signup flows
Login attempts
API traffic

Protect runtime flows →

Allow, challenge, review, and block decisions for exposed endpoints.

Data from npm registry and OSV.dev · Checked 6/14/2026, 10:28:33 PM