Package impact
npm / socket.io-parser
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33151 | unknown | — | — | 3mo ago | Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait f… | |||
| CVE-2023-32695 | unknown | — | — | 3y ago | socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the… | |||
| CVE-2022-2421 | unknown | — | — | 4y ago | Insufficient validation when decoding a Socket.IO packet | |||
| CVE-2020-36049 | unknown | — | — | 5y ago | socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used. |