socket.io (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package socket.io, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2017-16031 — CVSS 7.5 (high): Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on…
CVE-2024-38355 — CVSS 7.3 (high): Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can…
CVE-2020-28481 — CVSS 5.3 (medium): The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.