ws — CVE history (npm)
ws
4 CVEs affect the ws npm package (highest CVSS 7.5). Latest disclosed: 2026-06-17. Full CVE history sourced from NVD.
Summary
- Package
ws(npm)- Total CVEs
4- Actively exploited (CISA KEV)
- 0
- Highest CVSS
7.5- Latest disclosed
- 2026-06-17
Recent CVEs (top 4)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-48779 | High | 7.5 | — | 2026-06-17 | ws is an open source WebSocket client and server for Node.js. |
CVE-2026-45736 | Medium | 4.4 | — | 2026-05-15 | ws is an open source WebSocket client and server for Node.js. |
CVE-2024-37890 | High | 7.5 | — | 2024-06-17 | ws is an open source WebSocket client and server for Node.js. |
CVE-2021-32640 | Medium | 5.3 | — | 2021-05-25 | ws is an open source WebSocket client and server library for Node.js. |
All-time worst (top 4 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-48779 | High | 7.5 | — | 2026-06-17 | ws is an open source WebSocket client and server for Node.js. |
CVE-2024-37890 | High | 7.5 | — | 2024-06-17 | ws is an open source WebSocket client and server for Node.js. |
CVE-2021-32640 | Medium | 5.3 | — | 2021-05-25 | ws is an open source WebSocket client and server library for Node.js. |
CVE-2026-45736 | Medium | 4.4 | — | 2026-05-15 | ws is an open source WebSocket client and server for Node.js. |