VYPR

npm package

srvx

pkg:npm/srvx

Vulnerabilities (1)

  • CVE-2026-33732MedMar 26, 2026
    affected < 0.11.13fixed 0.11.13

    srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's `FastURL` allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme (e.g. `file://`). Starting in ve