Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/socket.io-parser@4.2.3
purl pkg:npm/socket.io-parser@4.2.3
Next non-vulnerable version 4.2.6
Latest non-vulnerable version 4.2.6
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-9r7z-mdtu-s7f4
Aliases:
CVE-2026-33151
GHSA-677m-j7p3-52f9
4.2.6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-vawq-jsk5-n3gq socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. CVE-2023-32695
GHSA-cqmj-92xf-r6r9

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T06:26:03.637242+00:00 GHSA Importer Fixing VCID-vawq-jsk5-n3gq https://github.com/advisories/GHSA-cqmj-92xf-r6r9 38.6.0
2026-06-12T21:32:32.998834+00:00 GitLab Importer Affected by VCID-9r7z-mdtu-s7f4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/socket.io-parser/CVE-2026-33151.yml 38.6.0
2026-06-12T15:46:12.868750+00:00 GitLab Importer Fixing VCID-vawq-jsk5-n3gq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/socket.io-parser/CVE-2023-32695.yml 38.6.0
2026-06-12T08:00:26.960530+00:00 GithubOSV Importer Fixing VCID-vawq-jsk5-n3gq https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-cqmj-92xf-r6r9/GHSA-cqmj-92xf-r6r9.json 38.6.0