OsVault/npm/socket.io
npm1 critical

socket.io

10 known vulnerabilities · 1 critical · 4 high

CVE-2020-28481MEDIUM

CORS misconfiguration in socket.io

Published Jan 20, 2021
CVE-2017-16031HIGH

Insecure randomness in socket.io

Published Nov 7, 2018
CVE-2020-36049HIGH

Resource exhaustion in socket.io-parser

Published Jun 30, 2021
CVE-2020-24807HIGH

File restriction bypass in socket.io-file

Published Oct 2, 2020
CVE-2026-33151

socket.io allows an unbounded number of binary attachments

Published Mar 18, 2026
CVE-2020-15779HIGH

Path Traversal in socket.io-file

Published Jul 7, 2020
MAL-2022-6199

Malicious code in socket.ioo-cient (npm)

Published Aug 19, 2022
CVE-2022-2421CRITICAL

Insufficient validation when decoding a Socket.IO packet

Published Oct 26, 2022
MAL-2025-191185

Malicious code in @alexcolls/nuxt-socket.io (npm)

Published Nov 25, 2025
GHSA-r2gr-fhmr-66c5

Duplicate Advisory: "Arbitrary code execution in socket.io-file"

Published May 10, 2021
Check your entire dependency tree at onceRun dependency scan →