VulnerableCode Package Details - pkg:npm/mqtt-packet@4.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-dzfe-78pr-sqf6 Aliases: CVE-2019-5432 GHSA-wv67-9jq7-8r69	Denial of Service A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module.	4.1.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.6.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 6.1.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 6.2.0 Affected by 0 other vulnerabilities.
VCID-s3fz-bdzm-ybed Aliases: GMS-2016-7	Denial of Service Specifically crafted MQTT packets can crash the application, making a DoS attack feasible with very little bandwidth.	4.0.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-x6sj-jr9x-ufdm Aliases: CVE-2016-10523 GHSA-g3r2-65gc-qpqc	Improper Restriction of Operations within the Bounds of a Memory Buffer MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.	4.0.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-dzfe-78pr-sqf6
Aliases:
CVE-2019-5432
GHSA-wv67-9jq7-8r69

Denial of Service A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module.

4.1.3
Affected by 1 other vulnerability.

5.6.1
Affected by 1 other vulnerability.

6.1.2
Affected by 1 other vulnerability.

6.2.0
Affected by 0 other vulnerabilities.

VCID-s3fz-bdzm-ybed
Aliases:
GMS-2016-7

Denial of Service Specifically crafted MQTT packets can crash the application, making a DoS attack feasible with very little bandwidth.

4.0.5
Affected by 1 other vulnerability.

VCID-x6sj-jr9x-ufdm
Aliases:
CVE-2016-10523
GHSA-g3r2-65gc-qpqc

Improper Restriction of Operations within the Bounds of a Memory Buffer MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.

4.0.5
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T10:12:34.349086+00:00	Npm Importer	Affected by	VCID-dzfe-78pr-sqf6	https://github.com/nodejs/security-wg/blob/main/vuln/npm/500.json	38.6.0
2026-05-31T00:51:38.764318+00:00	GHSA Importer	Affected by	VCID-dzfe-78pr-sqf6	https://github.com/advisories/GHSA-wv67-9jq7-8r69	38.6.0
2026-05-31T00:51:22.105485+00:00	GHSA Importer	Affected by	VCID-x6sj-jr9x-ufdm	https://github.com/advisories/GHSA-g3r2-65gc-qpqc	38.6.0
2026-05-30T20:55:05.423872+00:00	GitLab Importer	Affected by	VCID-dzfe-78pr-sqf6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mqtt-packet/CVE-2019-5432.yml	38.6.0
2026-05-30T20:54:51.213532+00:00	GitLab Importer	Affected by	VCID-x6sj-jr9x-ufdm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mqtt-packet/CVE-2016-10523.yml	38.6.0
2026-05-30T20:52:20.931007+00:00	GitLab Importer	Affected by	VCID-s3fz-bdzm-ybed	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mqtt-packet/GMS-2016-7.yml	38.6.0