VIR Vulnerability Intelligence Relay

Package impact

npm npm / ws

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2024-37890 high 8.0 2y ago ws affected by a DoS when handling a request with many HTTP headers debiannpm
CVE-2026-45736 high 7.5 7.5 13d ago ws: Uninitialized memory disclosure debiannpm
CVE-2021-32640 unknown 5y ago ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerab… debiannpm
CVE-2016-10542 unknown 7y ago ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server… debiannpm
CVE-2016-10518 unknown 7y ago A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a p… debiannpm