VulnerableCode Package Details - pkg:npm/socket.io@0.9.6

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/socket.io@0.9.6

Essentials
History (6)

purl	pkg:npm/socket.io@0.9.6

Next non-vulnerable version	2.5.1
Latest non-vulnerable version	4.6.2
Risk	4.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-46wy-km1h-t3fm Aliases: CVE-2020-28481 GHSA-fxwf-4rqh-v8g3		2.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-4pww-7zts-9bfe Aliases: CVE-2024-38355 GHSA-25hc-qcg6-38wj		2.5.1 Affected by 0 other vulnerabilities. 3.0.0-rc1 Affected by 0 other vulnerabilities. 4.6.2 Affected by 0 other vulnerabilities.
VCID-h227-zqjx-eqcv Aliases: GMS-2012-4	Insecure randomness Because socket.io depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.	0.9.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qsqd-qxmq-muef Aliases: CVE-2017-16031 GHSA-qv2v-m59f-v5fw	Insecure randomness in socket.io	0.9.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rs6m-wcu5-zkat Aliases: GMS-2013-7	Memory leak when using HTTPS Socket.io will leak memory if used with HTTPS. This version seems to fix also other memory issues, even if HTTPS is not used.	0.9.14 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:33:31.354510+00:00	GitLab Importer	Affected by	VCID-4pww-7zts-9bfe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/socket.io/CVE-2024-38355.yml	38.6.0
2026-06-12T17:32:05.935934+00:00	GitLab Importer	Affected by	VCID-46wy-km1h-t3fm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/socket.io/CVE-2020-28481.yml	38.6.0
2026-06-12T16:46:28.655394+00:00	GitLab Importer	Affected by	VCID-rs6m-wcu5-zkat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/socket.io/GMS-2013-7.yml	38.6.0
2026-06-12T15:40:34.874213+00:00	GitLab Importer	Affected by	VCID-qsqd-qxmq-muef	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/socket.io/CVE-2017-16031.yml	38.6.0
2026-06-12T15:38:55.972999+00:00	GitLab Importer	Affected by	VCID-h227-zqjx-eqcv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/socket.io/GMS-2012-4.yml	38.6.0
2026-06-11T20:24:48.117299+00:00	GHSA Importer	Affected by	VCID-qsqd-qxmq-muef	https://github.com/advisories/GHSA-qv2v-m59f-v5fw	38.6.0