Every CVE whose affected-product data names Ws Project Ws, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2016-10518 — CVSS 7.5 (high): A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a…
CVE-2016-10542 — CVSS 7.5 (high): ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455"…
CVE-2026-48779 — CVSS 7.5 (high): ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to…
CVE-2021-32640 — CVSS 5.3 (medium): ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can…
CVE-2026-45736 — CVSS 4.4 (medium): ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to…