Socket Socket.io-parser — known CVE vulnerabilities
Every CVE whose affected-product data names Socket Socket.io-parser, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-2421 — CVSS 10.0 (critical): Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which…
CVE-2020-36049 — CVSS 7.5 (high): socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation…
CVE-2026-33151 — CVSS 7.5 (high): Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a…
CVE-2023-32695 — CVSS 7.3 (high): socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially…