Advisories for Npm/Statics-Server package

A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working directory.

Relative Path Traversal in statics-server.

An XSS in statics-server can be used via injected iframe in the filename when statics-server displays directory index in the browser.