ws — CVE history (npm)

ws

4 CVEs affect the ws npm package (highest CVSS 7.5). Latest disclosed: 2026-06-17. Full CVE history sourced from NVD.

Summary

Package
ws (npm)
Total CVEs
4
Actively exploited (CISA KEV)
0
Highest CVSS
7.5
Latest disclosed
2026-06-17

Recent CVEs (top 4)

CVESeverityCVSSKEVPublishedSummary
CVE-2026-48779High7.52026-06-17ws is an open source WebSocket client and server for Node.js.
CVE-2026-45736Medium4.42026-05-15ws is an open source WebSocket client and server for Node.js.
CVE-2024-37890High7.52024-06-17ws is an open source WebSocket client and server for Node.js.
CVE-2021-32640Medium5.32021-05-25ws is an open source WebSocket client and server library for Node.js.

All-time worst (top 4 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2026-48779High7.52026-06-17ws is an open source WebSocket client and server for Node.js.
CVE-2024-37890High7.52024-06-17ws is an open source WebSocket client and server for Node.js.
CVE-2021-32640Medium5.32021-05-25ws is an open source WebSocket client and server library for Node.js.
CVE-2026-45736Medium4.42026-05-15ws is an open source WebSocket client and server for Node.js.