Browse all 3 CVE security advisories affecting static-web-server. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Static-web-server serves as a lightweight, high-performance solution for hosting static websites and files, prioritizing speed and minimal resource usage. Historically, it has been susceptible to common web vulnerabilities including remote code execution (RCE) through path traversal flaws and cross-site scripting (XSS) via improper input sanitization. While no major security incidents have been widely documented, the three recorded CVEs highlight potential risks in file handling and request processing. The project maintains a security-focused approach with regular updates, though its minimal architecture may limit some built-in protections. Users should implement proper access controls and input validation to mitigate potential exploitation vectors.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27480 | Static Web Server: Timing-Based Username Enumeration in Basic Authentication — static-web-serverCWE-204 | 5.3 | Medium | 2026-02-21 |
| CVE-2025-67487 | Static Web Server is vulnerable to symbolic link Path Traversal — static-web-serverCWE-61 | 8.6AI | HighAI | 2025-12-09 |
| CVE-2024-32966 | Stored Cross-site Scripting in directory listings via file names in static-web-server — static-web-serverCWE-79 | 5.8 | Medium | 2024-05-01 |
This page lists every published CVE security advisory associated with static-web-server. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.