signalk-server (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package signalk-server, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2025-66398 — CVSS 9.6 (critical): Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can…
CVE-2026-33950 — CVSS 9.4 (critical): Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege…
CVE-2025-68620 — CVSS 9.1 (critical): Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be…
CVE-2026-41893 — CVSS 7.5 (high): Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.25.0, the HTTP login endpoints (POST…
CVE-2025-68272 — CVSS 7.5 (high): Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to…
CVE-2026-33951 — CVSS 7.5 (high): Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an…
CVE-2026-39320 — CVSS 7.5 (high): Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated…
CVE-2025-68619 — CVSS 7.2 (high): Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow…
CVE-2026-35038 — CVSS 6.5 (medium): Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read…
CVE-2025-69203 — CVSS 6.3 (medium): Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have…
CVE-2026-34083 — CVSS 6.1 (medium): Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level…
CVE-2025-68273 — CVSS 5.3 (medium): Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in…
CVE-2026-25228 — CVSS 5.0 (medium): Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK…