VYPR

Ws

by Websockets

npm: ws

Source repositories

CVEs (3)

  • CVE-2024-37890HigJun 17, 2024
    risk 0.42cvss 7.5epss 0.01

    ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3…

  • CVE-2026-48779higJun 15, 2026
    risk 0.39cvss epss 0.01

    ### Impact A high volume of exceptionally small fragments and data chunks can be sent by a peer, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit,…

  • CVE-2026-45736MedMay 15, 2026
    risk 0.22cvss 4.4epss 0.01

    ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.